Web Shell Detector
Web Shell Detector is released under the MIT License http://www.opensource.org/licenses/mit-license.php
Console version (python): https://github.com/emposha/Shell-Detector
Number of known shells: 604
PHP 5.x, OpenSSL (only for secure file submission)
To activate Web Shell Detector:
1) Upload shelldetect.php and shelldetect.db to your root directory
2) Open shelldetect.php file in your browser
3) Use default username & password
Username: admin Password: protect
4) Inspect all strange files, if some of files look suspicious, send them to http://www.shelldetector.com team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “web shell detector” web shells signature database.
5) If any web shells found and identified use your ftp/ssh client to remove it from your web server (IMPORTANT: please be careful because some of shells may be integrated into system files!).
- extension - extensions that should be scanned
- showlinenumbers - show line number where suspicious function used
- dateformat - used with access time & modified time
- langauge - if I want to use other language
- directory - scan specific directory
- task - perform different task
- report_format - used with is_cron(true) file format for report file
- is_cron - if true run like a cron(no output)
- filelimit - maximum files to scan (more then 30000 you should scan specific directory)
- useget - activate _GET variable for easy way to recive tasks
- authentication - protect script with user & password in case to disable simply set to NULL
- remotefingerprint - get shells signatures db by remote
1.66 thanks to John Thornton for small tweeks and php 5.3.3 support
1.64 settings ini file support added(in case that you want to use same settings without code changing), output method rewriten, is_cron fixed, italian translation added (thanks to Marco Saiu)
1.63 new shell recognize mechanizm added, shell signatures updated.
1.62 version of jquery reverted to 1.7.x due bug with jquery ui dialog, new type of files added, shells signatures updated
1.61 added new way to send suspicious files, some css & code fixes, new shells signatures added
1.6 added support to indicate not shell files (but still those files need to be removed), loader indicator added
1.52 noindex meta tag added (to remove script from search results), scann all files options added: extension = *
1.51 unpack function update
1.5 unpack function added, application version check added, many warnings fixed, error handler fixed.
1.4 hide suspicious files option added, file scanning changed.
1.3 submission of suspicious file to shelldetector.com changed, email field added with ability to get notify about suspicious file.
1.2 encryption function added, authentication added, some small bugs fixed
1.1 fingerprint function change show line regex changed
1.0 first version