PunWSD

Pun Web Shell Detector

Key Features

Detect WebShell and dangerous functions

Requirements:

packages php, yara
python lib yara

Usage:

$ python2 main.py                                 
Usage: main.py [options]

Options:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory=DIRECTORY
                        specify directory to scan
  -f FILENAME, --filename=FILENAME
                        specify file to scan
  -o OUTFILE, --outfile=OUTFILE
                        specify outfile to write result using JSON
  -p PATTERNDB, --patterndb=PATTERNDB
                        specify patterndb file
                        default value: config/final.yara
  -q, --quite           enable quite mode

$ python2 main.py -d ../../userFiles/5fd8f263781c4b6dbfb6f14878be34bc3fb7c0df/
[+] Scanning...  /5fd8f263781c4b6dbfb6f14878be34bc3fb7c0df//shell.php
[+] Found...   SHELL_SHELLDETECT_spam_2__0__php   in (/5fd8f263781c4b6dbfb6f14878be34bc3fb7c0df//shell.php)
[+] Analized  : 1 files 
[+] Found : 1 shells

Development

Build your own signatures DB

$ cd lib/
$ python2 pm_patterns_export.py -d ../data/all/ -o ../config/final.yara

Then, the created signature has been stored at config/final.yara.

Changelog

Not yet released

Thanks to:

https://github.com/tennc/webshell
https://github.com/emposha/PHP-Shell-Detector
https://github.com/robocoder/rips-scanner

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

PunWSD

Key Features

Requirements:

Usage:

Development

Build your own signatures DB

Changelog

Thanks to:

Files

README.md

Latest commit

History

README.md

File metadata and controls

PunWSD

Key Features

Requirements:

Usage:

Development

Build your own signatures DB

Changelog

Thanks to: