"WebShell QuickScanner": a quick check tool that finds WebShells and high-risk files among the PHP files in a specified folder on a Linux server and pushes the results to Telegram.

What is "Web Shell Quick Scanner"?

"WebShell QuickScanner" is a quick check tool that finds WebShells and high-risk files among the PHP files in a specified folder on a Linux server and pushes the results to Telegram.

"Telegram" is an instant messaging system developed by Telegram Messenger LLP. For more information, see the Telegram article on Wikipedia (https://ja.wikipedia.org/wiki/Telegram).

**This article is published as a Japanese usage document.**

"WebShell QuickScanner" project repository

GitHub: DeepSkyFire/WebShellQuickScanner

About "WebShell Quick Scanner"

A quick check tool that finds WebShells and high-risk files among the PHP files in a specified folder on a Linux server and pushes the results to Telegram.

**However, the detected files are not deleted. What to do with these files is up to you to decide.**

Quick start to "WebShell Quick Scanner"

- **Download "WebShell Quick Scanner"**

    wget --no-check-certificate https://raw.githubusercontent.com/DeepSkyFire/WebShellQuickScanner/master/src/WebShellScanner.sh && chmod +x WebShellScanner.sh

- **Start quick check**

    bash WebShellScanner.sh -p /data/www-data    # specify the target folder

Details on how to use "WebShell Quick Scanner"

- **Required dependencies**

To use the feature that pushes the test results to Telegram, cURL must be installed on the OS.

- **Push test results to Telegram**

To use this feature, first request a new bot from @BotFather on Telegram. Then use @userinfobot on Telegram to find out the CHAT_ID for your account.

**Note! Telegram currently limits the number of characters that can be sent in one message. The maximum is 4096 characters. If the inspection result exceeds 4096 characters, transmission will fail. I will add a new push method in a later update.**
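One way to stay under the 4096-character limit described above is to split the report on line boundaries and send it as several messages. This is an added example, not code from WebShellQuickScanner: the function names `split_report` and `push_report` are hypothetical, and it assumes the Telegram Bot API `sendMessage` endpoint and that awk, curl and mktemp are installed.

```sh
# Added example, not part of WebShellScanner.sh. Function names are hypothetical.
TG_LIMIT=4096   # Telegram's per-message character limit noted above

# split_report FILE OUTDIR [LIMIT]
# Writes OUTDIR/part0001, part0002, ... each at most LIMIT characters,
# breaking between lines where possible, and prints the number of parts.
# awk's length() counts bytes in some implementations; since bytes >= characters,
# parts still stay at or under the limit.
split_report() {
    awk -v max="${3:-$TG_LIMIT}" -v dir="$2" '
        function emit() {
            if (buf == "") return
            out = sprintf("%s/part%04d", dir, ++n)
            printf "%s", buf > out
            close(out)
            buf = ""
        }
        {
            line = $0
            # A single line longer than the limit is hard-split.
            while (length(line) > max) {
                emit()
                buf = substr(line, 1, max); emit()
                line = substr(line, max + 1)
            }
            # Start a new part when this line (plus its newline) would not fit.
            if (buf != "" && length(buf) + 1 + length(line) > max) emit()
            buf = (buf == "" ? line : buf "\n" line)
        }
        END { emit(); print n + 0 }
    ' "$1"
}

# push_report FILE TOKEN CHAT_ID
# Sends the parts in order and stops at the first failed request.
push_report() {
    dir=$(mktemp -d) || return 1
    split_report "$1" "$dir" >/dev/null
    rc=0
    for part in "$dir"/part*; do
        [ -f "$part" ] || continue
        curl -fsS -o /dev/null \
            --data-urlencode "chat_id=$3" \
            --data-urlencode "text@$part" \
            "https://api.telegram.org/bot$2/sendMessage" || { rc=1; break; }
    done
    rm -rf "$dir"
    return "$rc"
}
```

Call it as `push_report /home/wwwlogs/report.txt "TELEGRAM_BOT_TOKEN" "TELEGRAM_CHAT_ID"`, where the report path is a placeholder for whatever file holds the scan output.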

- **About the host name**

You can specify the host name yourself. If you do not specify a host name, the script automatically loads the default host name from the OS.

- **About saving log files**

If you want to save the log file on the server, use settings like the following:

    bash WebShellScanner.sh -p /data/www-data -l /home/wwwlogs

**Caution! Do not write the "/" symbol at the end of the log save folder path.**

- **Full demo**

To inspect the "/data/www-data" folder, save the log file in the "/home/wwwlogs" folder, and push the inspection result to Telegram with the host name "MyServer1", use settings like the following:

    bash WebShellScanner.sh -p /data/www-data -t TELEGRAM_BOT_TOKEN -c TELEGRAM_CHAT_ID -n MyServer1 -l /home/wwwlogs

- **Display help message**

    bash WebShellScanner.sh -h

Use crontab -e from the Linux OS to set up a scan task.

Example:

    15 4 * * * "/root"/WebShellScanner.sh -p "/data/www-data" -t "TELEGRAM_BOT_TOKEN" -c "TELEGRAM_CHAT_ID" -n "MyServer1" -l "/home/wwwlogs" > /dev/null

In the above example, the scan task is executed once a day at 4:15 am.

Explanation of parameters (variables)

WebShellScanner.sh [-h] [-p ] [-t ] [-c ] [-n ] [-l ]]

**Available parameters:**

-h Display the help message. Optional.

-p The folder you want to inspect.

-t Telegram Bot Token. Optional.

-c Telegram Chat ID. Optional.

-n Custom host name. Optional.

-l Folder in which to save the log file (do not write the "/" symbol at the end of the path). Optional.

Open source license
