webshell-detector

pipeline status Latest Stable Version Total Downloads Latest Unstable Version License

Developement now taks place at https://gitlab.cylab.be/cylab/webshell-detector

Installation and usage

The webshell detector can be integrated as a composer library to your project, or you can run it from the command line.

As a library

composer require cylab-be/webshell-detector

require_once "vendor/autoload.php";

use RUCD\WebshellDetector\Detector;

$detector = new Detector();
echo $detector->analyzeFile("strange_file.php");

From the command line

Download the runnable PHAR from the Releases pages.

To run:

webshell-detector.phar analyze:directory /path/to/directory

You can modify the "sensitivity" of the detector, by modifying the threshold for displaying files. This will display the suspiciousness score of every files:

webshell-detector.phar analyze:directory -t 0.0 /path/to/directory

The default threshold used by the tool is 0.4

Check this project on GitLab

This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept