Forensics | How to find web shells with PHP-Shell-Detector
Admin
---
Detection
Number of known shells: 604
Install
Requirement:
PHP 5.x, OpenSSL (only for secure file submission)
git clone https://github.com/emposha/PHP-Shell-Detector.git
How to use it
Options
extension - file extensions that should be scanned
showlinenumbers - show the line number where a suspicious function is used
dateformat - date format used for access time & modified time
language - use a different language for the interface
directory - scan a specific directory
task - perform a different task
report_format - used with is_cron(true); file format of the report file
is_cron - if true, run like a cron job (no output)
filelimit - maximum number of files to scan (above 30000 you should scan a specific directory instead)
useget - activate the _GET variable as an easy way to receive tasks
authentication - protect the script with a username & password; to disable, simply set it to NULL
remotefingerprint - fetch the shell signature database remotely
To run Web Shell Detector:
- Upload shelldetect.php and shelldetect.db to your web root directory.
- Open shelldetect.php in your browser, for example: http://www.website.com/shelldetect.php
- Log in with the default credentials: Username: admin, Password: protect. These defaults are public, so set your own username and password in the authentication option before leaving the script on a reachable server, and delete shelldetect.php and shelldetect.db from the web root once the scan is finished.
- Review every file flagged as unusual. If a file looks suspicious, submit it to the http://www.shelldetector.com team; after submission the file is examined and, if it turns out to be malicious, its signature is added to the "web shell detector" web shell signature database.
- If any web shells are found and identified, use your FTP/SSH client to remove them from your web server (IMPORTANT: be careful, because some shells may be integrated into system files!).
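To make the options above and the scan procedure concrete, here is a small scanner that imitates the detector's approach. This is an added example, not PHP-Shell-Detector's own code: it walks a directory for files with the configured extensions, reports suspicious function calls with line numbers, records access/modified times in a chosen date format, stops at a file limit, and compares each file's hash against a signature database. The function list, the signature table (a stand-in for shelldetect.db), the helper names and the sample web root are all constructed for the demo and are not the tool's real data.

```python
"""Toy forensic scan of a web root for PHP web shells.

Added example; it is NOT PHP-Shell-Detector's own code. The suspicious-function
list, the signature table and the sample files are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile
from datetime import datetime

# Functions a PHP web shell typically depends on (a hypothetical list, not the tool's).
SUSPICIOUS_FUNCTIONS = (
    "eval", "assert", "create_function", "system", "exec", "shell_exec",
    "passthru", "popen", "proc_open", "base64_decode", "gzinflate",
    "gzuncompress", "str_rot13",
)
CALL_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_FUNCTIONS) + r")\s*\(", re.IGNORECASE)

# Stand-in for shelldetect.db: sha1 of a whole file -> shell name (constructed).
DEMO_SHELL_BODY = b"<?php system($_GET['cmd']); ?>\n"
KNOWN_SHELL_HASHES = {
    hashlib.sha1(DEMO_SHELL_BODY).hexdigest(): "demo-cmd-shell",
}


def scan_file(path, showlinenumbers=True, dateformat="%Y-%m-%d %H:%M:%S"):
    """Return a finding for one file, or None when nothing looks suspicious."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits = []
    for lineno, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        for match in CALL_RE.finditer(line):
            hits.append((lineno if showlinenumbers else None, match.group(1).lower()))
    digest = hashlib.sha1(data).hexdigest()
    known = KNOWN_SHELL_HASHES.get(digest)
    if not hits and known is None:
        return None
    st = os.stat(path)
    return {
        "path": path,
        "known_shell": known,   # name from the signature DB, if the hash matched
        "functions": hits,      # [(line, function), ...]
        "sha1": digest,
        "atime": datetime.fromtimestamp(st.st_atime).strftime(dateformat),
        "mtime": datetime.fromtimestamp(st.st_mtime).strftime(dateformat),
    }


def scan_directory(directory, extensions=("php", "phtml", "php3", "php5"), filelimit=30000):
    """Walk `directory` and return findings; give up once `filelimit` files were seen."""
    findings, seen = [], 0
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            if name.rsplit(".", 1)[-1].lower() not in extensions:
                continue
            seen += 1
            if seen > filelimit:
                return findings  # too many files: scan a narrower directory instead
            finding = scan_file(os.path.join(root, name))
            if finding is not None:
                findings.append(finding)
    return findings


def scan_webroot(root):
    """Map web-root-relative path -> finding, for reporting."""
    return {
        os.path.relpath(f["path"], root).replace(os.sep, "/"): f
        for f in scan_directory(root)
    }


def build_demo_webroot():
    """Write a constructed web root: clean page, non-PHP file, obfuscated shell, known shell."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "index.php": b"<?php echo 'hello'; ?>\n",
        "notes.txt": b"eval(not php; wrong extension, so it is skipped)\n",
        "uploads/cache.php": b"<?php\n$c = $_POST['c'];\neval(base64_decode($c));\n",
        "wp-content/x.php": DEMO_SHELL_BODY,
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, f in scan_webroot(build_demo_webroot()).items():
        tag = f["known_shell"] or "unknown"
        print(f"{rel}: {tag} sha1={f['sha1'][:12]} mtime={f['mtime']} calls={f['functions']}")
```

Two things this shows that the option list alone does not: a hash lookup only catches shells already in the signature database (uploads/cache.php is caught purely by its eval/base64_decode calls), and a scanner keyed on extensions will not look inside notes.txt even though it contains the same call, which is why the extension option matters when attackers drop shells with odd extensions that the web server still executes.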
Source: https://github.com/emposha/PHP-Shell-Detector