PHP Shell Detector – web shell detection tool

PHP Shell Detector is a PHP script that helps you find and identify PHP shells. It also has a “web shells” signature database that helps to identify web shells up to 99%. By using the latest JavaScript and CSS technologies, PHP Shell Detector has a lightweight and friendly interface. The main feature is that if you’re not sure about a suspicious file, you may send it to the websecure.co.il team. After you submit your file, it will be inspected and, if there are any threats, it will be inserted into the PHP Shell Detector web shell signature database, so the next time this file will be recognized positively.

Screenshots:

Modal popup showing suspicious function usage
Positive shell recognition (list of suspicious functions, with the ability to check what kind of function was used)
If a shell is not recognized, you can always send it to websecure.co.il and they will inspect the file
Report with the total number of suspicious files and shells that were found

Settings:

  • extension – file extensions that should be scanned
  • showlinenumbers – show the line number where a suspicious function is used
  • dateformat – used with access time & modified time
  • langauge – set this to use another language
  • directory – scan a specific directory
  • task – perform a different task
  • report_format – file format for the report file, used with is_cron(true)
  • is_cron – if true, run like a cron job (no output)
  • filelimit – maximum number of files to scan (for more than 30000 you should scan a specific directory)
  • useget – activate the _GET variable as an easy way to receive tasks
  • authentication – protect the script with a user & password; to disable, simply set to NULL
  • remotefingerprint – get the shell signatures db from a remote source
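
An added example, not code from PHP Shell Detector: a Python version of the two checks described above, a signature lookup for known shells and a scan for suspicious function calls reported with line numbers. The SHA-256 fingerprint over whitespace-stripped content, the function watch list and the sample files are assumptions made for illustration; the `extensions` and `filelimit` parameters mirror the settings of the same purpose.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed watch list for this example; the tool ships its own list.
SUSPICIOUS = ("eval", "assert", "system", "exec", "shell_exec", "passthru", "base64_decode")
# Skip methods ($db->exec), static calls (A::exec) and longer names (curl_exec).
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(SUSPICIOUS) + r")\s*\(", re.I)


def fingerprint(data: bytes) -> str:
    """SHA-256 over the file with all whitespace removed, so re-indented copies match."""
    return hashlib.sha256(b"".join(data.split())).hexdigest()


def scan(directory, signatures, extensions=(".php",), filelimit=30000):
    """Return one finding per file that matches a signature or calls a watched function."""
    files = sorted(p for p in Path(directory).rglob("*")
                   if p.is_file() and p.suffix.lower() in extensions)
    findings = []
    for path in files[:filelimit]:
        data = path.read_bytes()
        hits = [(no, m.group(1).lower())
                for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1)
                for m in CALL_RE.finditer(line)]
        shell = signatures.get(fingerprint(data))
        if shell or hits:
            findings.append({"file": path.name, "shell": shell, "hits": hits})
    return findings


def demo():
    known = b'<?php echo "constructed stand-in for a catalogued shell"; ?>'
    signatures = {fingerprint(known): "Constructed Sample Shell"}
    samples = {  # constructed sample files, written to a temporary directory
        "a_known.php": known.replace(b" ", b"\n  "),   # same code, different whitespace
        "b_unknown.php": b"<?php\n$blob = 'ZWNobyAxOw==';\neval(base64_decode($blob));\n",
        "c_clean.php": b"<?php\n$r = curl_exec($ch);\n$db->exec('SELECT 1');\n",
        "d_notes.txt": b"eval( is only text here; .txt is not a scanned extension\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_bytes(body)
        return scan(tmp, signatures)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A file that only has function hits and no signature match is a lead for manual review, which is the case the tool's submit-for-inspection feature covers.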

 

Number of shells in the signature database: 141

Demo: http://www.emposha.com/demo/shelldetect/

Download: https://github.com/emposha/PHP-Shell-Detector

 

 
