"WebShell QuickScanner" is a quick-check tool that finds WebShells and high-risk files among the PHP files in a specified folder on a Linux server and pushes the test results to Telegram.
"Telegram" is an instant messaging system developed by Telegram Messenger LLP. See the Telegram article on Wikipedia for more information (https://ja.wikipedia.org/wiki/Telegram).
**This article is published as a Japanese usage document.**
GitHub: DeepSkyFire/WebShellQuickScanner
A quick-check tool that finds WebShells and high-risk files among the PHP files in a specified folder on a Linux server and pushes the test results to Telegram.
**However, detected files are not deleted. What to do with these files is up to you to decide.**
- **Download "WebShell Quick Scanner"**
wget --no-check-certificate https://raw.githubusercontent.com/DeepSkyFire/WebShellQuickScanner/master/src/WebShellScanner.sh && chmod +x WebShellScanner.sh
- **Start quick check**
bash WebShellScanner.sh -p /data/www-data (specify the target folder)
- **Required dependencies**
If you want to use the function of pushing the test result to Telegram, you need to install cURL on the OS.
- **Push test results to Telegram**
To use this feature, first apply for a new bot from @BotFather on Telegram. Then use @userinfobot on Telegram to find out the CHAT_ID for your account.
**Note! Telegram now limits the maximum number of characters that can be sent in one message to 4096. If the inspection result exceeds 4096 characters, transmission will fail. I will update the push method later.**
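One way to stay under the 4096-character limit described above is to split the scan log into several messages before pushing. This is an added example, not code from WebShellScanner.sh; the function names `split_report` and `push_report` and the log file passed to them are assumptions, and the only Telegram call used is the Bot API `sendMessage` method.

```bash
# Added example, not part of WebShellScanner.sh.
TG_LIMIT=4096   # per-message character limit noted above
NL='
'

# split_report FILE OUTDIR [LIMIT]
# Writes OUTDIR/part.001, part.002, ... and prints the number of parts.
# Breaks between lines where possible; fold -b hard-cuts any line longer
# than LIMIT bytes. Blank lines at the start of a part are dropped.
split_report() (
    file=$1 outdir=$2 limit=${3:-$TG_LIMIT} buf="" n=0
    flush() {   # write the buffered text, if any, as the next part file
        [ -n "$buf" ] || return 0
        n=$((n + 1))
        printf '%s' "$buf" > "$outdir/part.$(printf '%03d' "$n")"
        buf=""
    }
    fold -b -w "$limit" "$file" | {
        while IFS= read -r line || [ -n "$line" ]; do
            if [ -z "$buf" ]; then
                buf=$line
            elif [ $(( ${#buf} + 1 + ${#line} )) -gt "$limit" ]; then
                flush; buf=$line
            else
                buf="$buf$NL$line"
            fi
        done
        flush
        echo "$n"
    }
)

# push_report FILE TOKEN CHAT_ID
# Sends each part as its own message through the Bot API sendMessage method.
# Stops at the first failed request so a partial push is visible to the caller.
push_report() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    split_report "$1" "$tmp" > /dev/null || exit 1
    for part in "$tmp"/part.*; do
        [ -e "$part" ] || continue
        curl -fsS --max-time 20 "https://api.telegram.org/bot$2/sendMessage" \
            --data-urlencode "chat_id=$3" \
            --data-urlencode "text@$part" > /dev/null || exit 1
    done
)
```

Call it as `push_report /path/to/scan.log "$TOKEN" "$CHAT_ID"`, where the log path is a placeholder for a file saved with the `-l` option.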
- **About Host Name**
You can specify the host name yourself. If you do not specify a host name, the script automatically loads the default host name from the OS.
- **About saving log files**
If you want to save the log file on the server, use a setting like the following:
bash WebShellScanner.sh -p /data/www-data -l /home/wwwlogs
**Caution! Do not write the "/" symbol at the end of the log save folder address.**
- **Full demo**
To inspect the "/data/www-data" folder, save the log file in the "/home/wwwlogs" folder, and push the inspection result to Telegram with the host name "MyServer1", use settings like the following:
bash WebShellScanner.sh -p /data/www-data -t TELEGRAM_BOT_TOKEN -c TELEGRAM_CHAT_ID -n MyServer1 -l /home/wwwlogs
- **Display help message**
bash WebShellScanner.sh -h
Use crontab -e from the Linux OS to set up a scan task.
Example:
15 4 * * * "/root"/WebShellScanner.sh -p "/data/www-data" -t "TELEGRAM_BOT_TOKEN" -c "TELEGRAM_CHAT_ID" -n "MyServer1" -l "/home/wwwlogs" > /dev/null
In the above example, the scan task is executed once a day at 4:15 am.
WebShellScanner.sh [-h] [-p
**Available parameters:**
-h Display help messages. Optional parameters (variables).
-p
-t
-c
-n
-l