Skip to content

tungpun/PunWSD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
config
config
 
 
lib
lib
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
distribute.py
distribute.py
 
 
main.py
main.py
 
 
paper-result.txt
paper-result.txt
 
 
reader.py
reader.py
 
 

Repository files navigation

PunWSD

Pun Web Shell Detector

Key Features

  • Detect WebShell and dangerous functions

Requirements:

  • packages php, yara

  • python lib yara

Usage:

$ python2 main.py                                 
Usage: main.py [options]

Options:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory=DIRECTORY
                        specify directory to scan
  -f FILENAME, --filename=FILENAME
                        specify file to scan
  -o OUTFILE, --outfile=OUTFILE
                        specify outfile to write result using JSON
  -p PATTERNDB, --patterndb=PATTERNDB
                        specify patterndb file
                        default value: config/final.yara
  -q, --quite           enable quite mode

$ python2 main.py -d ../../userFiles/5fd8f263781c4b6dbfb6f14878be34bc3fb7c0df/
[ ] Scanning...  /5fd8f263781c4b6dbfb6f14878be34bc3fb7c0df//shell.php
[ ] Found...   SHELL_SHELLDETECT_spam_2__0__php   in (/5fd8f263781c4b6dbfb6f14878be34bc3fb7c0df//shell.php)
[ ] Analized  : 1 files 
[ ] Found : 1 shells

Development

Build your own signatures DB

$ cd lib/
$ python2 pm_patterns_export.py -d ../data/all/ -o ../config/final.yara

Then, the created signature has been stored at config/final.yara.

Changelog

  • Not yet released

Thanks to:

About

Pun Web Shell Detector

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages