OWASP Web Malware Scanner

About

OWASP Web Malware Scanner is a simple malware scanner for web applications. It can be used to identify compromised WordPress, Joomla and other popular web application installations.

Official OWASP Project Page

Requirements

  • python >= 2.7

Installation

git clone https://github.com/maxlabelle/WebMalwareScanner.git

Usage

To scan for compromised installations:

python wms.py /path/to/web/installations/


Signature database

OWASP Web Malware Scanner uses a community-driven malware signature database to detect malware. Signatures are found under the signatures/ folder. Each signature file must be a text file that contains the following JSON object:

{
  "Database_Name": "Generic malware database",
  "Database_Signatures": [
    {
      "Malware_Name": "Generic PHP Malware",
      "Malware_Signatures": ["function.*for.*strlen.*isset"]
    }
  ]
}

The 'Database_Signatures' object must be an array of objects, each of which must contain the malware name (Malware_Name) and the signature's array of regular expressions (Malware_Signatures). If the content of a file matches one of these regular expressions, it will be marked as infected.

The signatures for PHP files are in 'signatures/php/'. The signatures for JavaScript files are in 'signatures/js/'.

OWASP Web Malware Scanner also performs MD5 file checksums. MD5 file signatures are in 'signatures/checksum/'. An MD5 signature database must be a text file that contains the following JSON object:

{
  "Database_Name": "Generic malware hash database",
  "Database_Hash": [
    {
      "Malware_Name": "Zip.Trojan.Container",
      "Malware_Hash": "e27122ba785627fca79b4a19c8eea38b"
    }
  ]
}

The 'Database_Hash' object must be an array of objects that must contain the MD5 hash (Malware_Hash) and the Malware name (Malware_Name). If the MD5 checksum of a file matches one of these MD5 hashes, it will be marked as infected.
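
The two database formats described above, loaded and applied to file content in Python 3. This is an added example, not code from wms.py: the function names, the constructed sample inputs and the use of `re.search` without flags are assumptions.

```python
import hashlib
import json
import re

# Regex database text as given in the README above.
REGEX_DB = '''{"Database_Name": "Generic malware database",
 "Database_Signatures": [{"Malware_Name": "Generic PHP Malware",
   "Malware_Signatures": ["function.*for.*strlen.*isset"]}]}'''
# Constructed, harmless inputs: one that matches the regex, one that does not.
SAMPLE_FLAGGED = b"<?php function f($s){for(;;){strlen($s);isset($s);}} ?>"
SAMPLE_CLEAN = b"<?php echo 'hello'; ?>"


def compile_signatures(db_text):
    """Parse a regex database; return [(malware_name, compiled_regex), ...]."""
    entries = json.loads(db_text).get("Database_Signatures")
    if not isinstance(entries, list):
        raise ValueError("Database_Signatures must be an array")
    compiled = []
    for entry in entries:
        for pattern in entry["Malware_Signatures"]:
            # re.error here means a contributed signature is malformed.
            compiled.append((entry["Malware_Name"], re.compile(pattern)))
    return compiled


def index_hashes(db_text):
    """Parse a checksum database; return {md5_hex: malware_name}."""
    index = {}
    for entry in json.loads(db_text)["Database_Hash"]:
        digest = entry["Malware_Hash"].lower()
        if not re.fullmatch(r"[0-9a-f]{32}", digest):
            raise ValueError("not an MD5 hex digest: %r" % digest)
        index[digest] = entry["Malware_Name"]
    return index


def scan_bytes(data, signatures, hashes):
    """Return the malware names whose hash or regex flags this content."""
    hits = []
    md5 = hashlib.md5(data).hexdigest()
    if md5 in hashes:
        hits.append(hashes[md5])
    text = data.decode("utf-8", errors="replace")
    # Assumption: plain re.search with no flags, so '.' does not cross
    # newlines and a signature only matches within a single line.
    hits += [name for name, rx in signatures if rx.search(text)]
    return hits
```

Validating a contributed database this way before it is merged catches malformed regular expressions and hashes that are not 32 hex characters. A broad pattern such as the generic one above also flags ordinary code, as the constructed sample shows, so hits need manual review.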

You are welcome to contribute to this project by adding new signatures to this database.

Credits

OWASP Web Malware Scanner is written by Maxime Labelle - maxime.labelle@owasp.org

License

OWASP Web Malware Scanner is released under the BSD license. See the LICENSE file for details.
