Web Shell Detector
Web Shell Detector is released under the MIT License http://www.opensource.org/licenses/mit-license.php
Web Shell Detector is sponsored by http://www.websecure.co.il
Number of known shells: 343
Requirements: PHP 5.x, OpenSSL (only for secure file submission)
To activate Web Shell Detector:
1. Upload shelldetect.php and shelldetect.db to your root directory.
2. Open the shelldetect.php file in your browser.
3. Inspect all strange files. If any of them look suspicious, send them to the http://www.websecure.co.il team. After you submit a file, it will be inspected, and if it contains any threats it will be added to the Web Shell Detector web shell signature database.
4. If any web shells are found and identified, use your FTP/SSH client to remove them from your web server (IMPORTANT: please be careful, because some shells may be integrated into system files!).
Options:
- extension - extensions that should be scanned
- showlinenumbers - show the line number where a suspicious function is used
- dateformat - used with access time & modified time
- langauge - set this to use another language
- directory - scan a specific directory
- task - perform a different task
- report_format - used with is_cron (true): file format for the report file
- is_cron - if true, run like a cron job (no output)
- filelimit - maximum number of files to scan (for more than 30000 files, scan a specific directory)
- useget - activate the _GET variable as an easy way to receive tasks
- authentication - protect the script with a user & password; to disable, simply set to NULL
- remotefingerprint - get the shell signatures db remotely
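As an added illustration (not Web Shell Detector's own code), the Python example below shows what the directory, extension, filelimit and showlinenumbers options describe: a directory walk that flags suspicious PHP function calls by line number. The function list, the error raised when filelimit is exceeded and the sample files are assumptions constructed for this example.

```python
import os
import re
import tempfile

# Assumed sample of PHP functions commonly abused by web shells (not the tool's list).
SUSPICIOUS = re.compile(r"\b(eval|base64_decode|system|shell_exec|passthru|assert)\s*\(", re.I)

def scan(directory=".", extension=("php",), filelimit=30000, showlinenumbers=True):
    """Return {relative_path: [(line_no, function), ...]} for files with suspicious calls.
    extension=("*",) scans every file; exceeding filelimit raises RuntimeError (assumed).
    """
    findings, scanned = {}, 0
    wanted = {e.lower().lstrip(".") for e in extension}
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower().lstrip(".")
            if "*" not in wanted and ext not in wanted:
                continue
            scanned += 1
            if scanned > filelimit:
                raise RuntimeError("file limit exceeded: scan a specific directory")
            path = os.path.join(root, name)
            hits = []
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, start=1):
                    for m in SUSPICIOUS.finditer(line):
                        hits.append((no if showlinenumbers else None, m.group(1).lower()))
            if hits:
                rel = os.path.relpath(path, directory).replace(os.sep, "/")
                findings[rel] = hits
    return findings

def demo():
    """Scan a constructed sample tree with the default and the '*' extension setting."""
    samples = {
        "index.php": "<?php\necho 'hello';\n",
        "img/logo.php": "<?php\n// constructed sample\n$x = $_POST['c'];\neval(base64_decode($x));\n",
        "notes.txt": "eval( appears here, but .txt is skipped unless extension is *\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for rel, body in samples.items():
            full = os.path.join(d, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(d), scan(d, extension=("*",))

if __name__ == "__main__":
    print(demo())
```

A match on a function name alone is only a lead for manual inspection, since legitimate code also calls these functions.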
Changelog:
1.61 added new way to send suspicious files, some css & code fixes, new shell signatures added
1.6 added support to indicate not shell files (but still those files need to be removed), loader indicator added
1.52 noindex meta tag added (to remove script from search results), scan all files option added: extension = *
1.51 unpack function update
1.5 unpack function added, application version check added, many warnings fixed, error handler fixed.
1.4 hide suspicious files option added, file scanning changed.
1.3 submission of suspicious file to websecure.co.il changed, email field added with ability to get notified about suspicious file.
1.2 encryption function added, authentication added, some small bugs fixed
1.1 fingerprint function changed, show line regex changed
1.0 first version