(PHP) Shell Scanner


Having a PHP shell uploaded to your server is a BIG problem. It can put your whole server at risk. For this reason it is important to make sure that there is never a shell on your server. This script runs a recursive diagnostic on a directory to scan for the presence of a shell. ShellScan.py checks every file in a directory and its subdirectories for traces of PHP shell malware such as the GNY.php shell and the C99.php shell. The scanner can be updated by modifying the XML database that the signatures are stored in, which makes the scanner more versatile. I saw other bash scripts that scanned for shells, but they mainly checked file names. File names are too easy for an attacker to change, so signatures seemed to be the way to go.
The signature database is simply an XML file containing signatures and the script they correspond to. Each signature is a base64-encoded part of the source code that is relatively unique to the shell.
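The approach described above, sketched as an added example; this is not the original ShellScan.py. The XML layout (a `signature` element with a `shell` attribute) is an assumption, since the post does not show the database format, and the marker strings and directory tree are constructed sample data.

```python
import base64
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample database; element and attribute names are assumptions.
SAMPLE_DB = """<signatures>
  <signature shell="example-shell-a">{a}</signature>
  <signature shell="example-shell-b">{b}</signature>
</signatures>""".format(
    a=base64.b64encode(b"EXAMPLE_MARKER_ALPHA_v1").decode(),
    b=base64.b64encode(b"EXAMPLE_MARKER_BETA_v2").decode(),
)

def load_signatures(xml_text):
    """Return a list of (shell_name, raw_bytes) decoded from the XML database."""
    sigs = []
    for node in ET.fromstring(xml_text).iter("signature"):
        raw = base64.b64decode((node.text or "").strip(), validate=True)
        if raw:  # an empty signature would match every file
            sigs.append((node.get("shell", "unknown"), raw))
    return sigs

def scan_tree(root, sigs, max_bytes=5 * 1024 * 1024):
    """Walk root recursively and return sorted (relative_path, shell_name) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap the read for huge files
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            rel = os.path.relpath(path, root)
            hits += [(rel, shell) for shell, raw in sigs if raw in data]
    return sorted(hits)

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads", "img"))
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<?php echo 'hello'; ?>")
        # Innocent file name, but the content carries a signature.
        with open(os.path.join(root, "uploads", "img", "logo.php"), "wb") as fh:
            fh.write(b"<?php /* EXAMPLE_MARKER_BETA_v2 */ ?>")
        return scan_tree(root, load_signatures(SAMPLE_DB))
```

Calling `demo()` flags `logo.php` by content even though its name looks harmless, which is the case a file-name check misses.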

2 Responses to (PHP) Shell Scanner

  1. Please, I need this script. I try to download it but it is invalid.
    Please, you can send it to my email.
    huztleguy@yahoo.com

  2. bounce says:

    Please, I need this script. I try to download it but it is showing file no more.
    Please, you can send it to my email.
    bouncedeman@yahoo.com
