webshell-detect-bypass

绕过专业工具检测的Webshell研究文章和免杀的Webshell

1,676

407

1,676

View on GitHub

Top Related Projects

Th3inspector

2,216

Th3Inspector 🕵️ Best Tool For Information Gathering 🔎

RED_HAWK

2,969

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

Quick Overview

The LandGrey/webshell-detect-bypass repository is a collection of techniques and tools designed to bypass web shell detection mechanisms. It provides a comprehensive resource for security researchers and penetration testers to understand and evade web shell detection methods.

Pros

Covers a wide range of techniques to bypass web shell detection, including obfuscation, encoding, and other evasion methods.
Includes both code examples and detailed explanations, making it a valuable learning resource.
Regularly updated with new techniques and tools, ensuring the content remains relevant.
Actively maintained by a community of security professionals.

Cons

The repository may contain sensitive information that could be misused by malicious actors.
Some of the techniques presented may be considered unethical or illegal in certain jurisdictions.
The repository does not provide guidance on the responsible use of the presented techniques.
The complexity of the content may make it challenging for beginners to understand and apply.

Code Examples

This repository is not a code library, but rather a collection of techniques and tools. As such, it does not provide specific code examples. However, the repository includes various scripts and tools that demonstrate the implementation of the presented bypass techniques.

Getting Started

Since this repository is not a code library, there are no specific getting started instructions. However, users interested in exploring the content should be aware of the potential risks and ethical considerations involved. It is recommended to use the information in this repository responsibly and only for legitimate security testing purposes.

Competitor Comparisons

Th3inspector

2,216

Th3Inspector 🕵️ Best Tool For Information Gathering 🔎

Pros of Th3inspector

Th3inspector provides a comprehensive set of tools for web application security testing, including vulnerability scanning, information gathering, and exploitation capabilities.
The tool is actively maintained and regularly updated, ensuring that it stays up-to-date with the latest security threats and techniques.
Th3inspector has a user-friendly interface and provides detailed reports, making it easier for users to understand and act on the findings.

Cons of Th3inspector

Th3inspector is a larger and more complex tool compared to webshell-detect-bypass, which may make it less suitable for users who require a more focused and lightweight solution.
The tool may have a steeper learning curve, as it offers a wide range of features and functionalities that users need to familiarize themselves with.
Th3inspector is primarily focused on web application security testing, while webshell-detect-bypass is specifically designed for detecting and bypassing webshell detection.

Code Comparison

Here's a brief code comparison between the two projects:

webshell-detect-bypass:

def bypass_webshell_detect(code):
    """
    Bypass webshell detection by obfuscating the code.
    """
    obfuscated_code = ""
    for char in code:
        obfuscated_code += hex(ord(char))[2:]
    return obfuscated_code

Th3inspector:

def get_robots_txt(self):
    """
    Get the contents of the robots.txt file.
    """
    try:
        response = requests.get(self.url + "/robots.txt")
        if response.status_code == 200:
            return response.text
        else:
            return None
    except:
        return None

RED_HAWK

2,969

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

Pros of RED_HAWK

RED_HAWK is a comprehensive tool that combines multiple security scanning and information gathering features, making it a versatile option for security professionals.
The tool is actively maintained and regularly updated, ensuring it stays relevant and effective.
RED_HAWK provides a user-friendly interface, making it accessible to both experienced and novice users.

Cons of RED_HAWK

RED_HAWK may have a larger attack surface due to its broad feature set, potentially making it more vulnerable to security issues.
The tool's extensive functionality may result in a higher resource consumption, which could be a concern for users with limited system resources.
Some users may prefer a more focused and specialized tool like webshell-detect-bypass for specific tasks.

Code Comparison

Here's a brief code comparison between the two projects:

webshell-detect-bypass:

def detect_webshell(file_path):
    with open(file_path, 'r') as f:
        content = f.read()
    for pattern in WEBSHELL_PATTERNS:
        if re.search(pattern, content, re.IGNORECASE):
            return True
    return False

RED_HAWK:

def cms_fingerprint(url):
    try:
        response = requests.get(url)
        if response.status_code == 200:
            for cms, pattern in CMS_PATTERNS.items():
                if re.search(pattern, response.text, re.IGNORECASE):
                    return cms
    except:
        pass
    return 'Unknown'

Both code snippets demonstrate the core functionality of the respective projects, with webshell-detect-bypass focusing on detecting webshells and RED_HAWK providing CMS fingerprinting capabilities.

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README