When a web server has been compromised, we need a webshell detection tool to help us find the webshell and further investigate possible security vulnerabilities in the system.
This article recommends 10 webshell detection tools for website intrusion investigation. Of course, many host security products currently on the market also provide this webshell detection capability, such as Alibaba Cloud.
1. D shield_Web scan and kill
Produced by Ah D. It uses a self-developed code analysis engine that ignores file extensions and can analyze well-hidden WebShell backdoor behavior.
Compatibility: Only a Windows version is available.
Tool download address:
http://www.d99net.net/down/WebShellKill_V2.0.9.zip
2. Baidu WEBDIR+
A next-generation WebShell detection engine that uses advanced dynamic monitoring technology and combines multiple engines for zero-rule detection and removal.
Compatibility: Provides online detection and removal of Trojans, plus a free and open API that supports batch detection.
Online scanning address:
https://scanner.baidu.com/
3. Hippo
Focuses on webshell detection research, with a large number of webshell samples and its own independent detection technology, using a dual engine of traditional signatures plus cloud big data. Scanning is fast, accuracy is high, and the false positive rate is low.
Compatibility: Supports Windows and Linux, and supports online scanning.
Official website:
https://www.shellpub.com/
4. Web Shell Detector
Web Shell Detector has a webshell signature database that can help identify up to 99% of webshells.
Compatibility: Provides PHP/Python scripts; cross-platform; online detection.
Official website:
http://www.shelldetector.com/
GitHub project address:
https://github.com/emposha/PHP-Shell-Detector
5. CloudWalker (Muyun)
An incomplete version: the current release is a command-line webshell detection tool, and the open-source project has stopped updating.
Compatibility: A Linux version is provided; Windows is not supported for now.
Online scanning demo:
https://webshellchop.chaitin.cn/
GitHub project address:
https://github.com/chaitin/cloudwalker
6. Sangfor WebShellKill
Sangfor WebShellKill (a web backdoor detection tool) is a dedicated web backdoor scanner that supports not only webshell scanning but also dark chain (hidden link) scanning. It integrates multiple detection engines and can detect known and unknown backdoor files on a website more accurately.
Compatibility: Supports Windows and Linux.
Tool download address:
http://edr.sangfor.com.cn/backdoor_detection.html (no longer accessible)
7. Deep learning model detection PHP Webshell
A demo of a deep learning PHP webshell detection engine, which provides online sample detection.
Online scanning address:
http://webshell.cdxy.me/
8. PHP Malware Finder
PHP-malware-finder is an excellent tool for detecting webshells and obfuscated malware code.
Compatibility: A Linux version is provided; Windows is not currently supported.
GitHub project address:
https://github.com/jvoisin/php-malware-finder
9. findWebshell
This project is a Python-based webshell inspection tool that can check for any type of webshell backdoor using signature matching.
GitHub project address:
https://github.com/he1m4n6a/findWebshell
10. Online webshell scanning tool
Online scanning address:
http://tools.bugscaner.com/killwebshell/