Skip to content

clarencesubia/php_reverse_shell_hunter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
docs
docs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
php_shell_hunter.py
php_shell_hunter.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

php_shell_hunter.py

logo

Features

  • Hunts basic unobfuscated PHP shell files to a target directory
  • Can be ran locally or to a remote linux server
  • If PHP shell is found, it will notify on specified slack channel
  • This script leverages Slack Incoming Webhooks App

Installation

git clone https://github.com/meliodaaf/threat-hunting-php-shell.git
pip3 install -r requirements.txt

Running the script against a remote server

Usage: python3 php_shell_hunter.py --remote-host 192.168.100.1 --directory /var/www/html

Running the script locally

Usage: python3 php_shell_hunter.py --directory /var/www/html

Setting up SSH passwordless connection to a remote server

ssh-key-gen -t rsa # There's no need for this command if you already have one
ssh-copy-id user@serverip

Sample

  1. Sample files on a remote host webshells
  2. Run the script againts the remote host and directory script
  3. Slack notification slack

References

About

Hunt PHP Shells in Linux and notify through Slack.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages