cloudwalker: A novel Webshell detection engine
CloudWalker
What is WebshellChop? How does it work?
WebshellChop is a novel webshell detection engine. However, now it can only analyze and detect PHP files. It works using abstract syntax tree analysis and regular expression matching on PHP file. Unlike the common detector, no compiler and no sandbox did we use. Benchmark tests show that WebshellChop really works like a charm on detecting webshell, with both precision and recall at a very high level.
How to use WebshellChop?
Choose a sample file (till now PHP limited), and choose whether it is a webshell. WebshellChop will give you the result level and relevant value in the blink of an eye.
Why did it give me the wrong result / mismatched level?
It is a newborn product, we are doing our best to enrich our rule database and to deal with an unexcepted case. Every wrong result will be logged and we promise to update. For mismatched level, if you are a staff, please contact the developer.
Download
Use
Try the online version here.
CloudWalker Cloud Workload Protection Platform
Copyright (C) 2018 Chaitin Tech
Source: https://github.com/chaitin/