Web Exploit Detector: detect possible infections, malicious code and suspicious files in web hosting environments
Web Exploit Detector
The Web Exploit Detector is a Node.js application (and NPM module) used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites. Running the application will generate a list of files that are potentially infected together with a description of the infection and references to online resources relating to it.
As of version 1.1.0, the application also includes utilities to generate and compare snapshots of a directory structure, allowing users to see if any files have been modified, added or removed.
The application is hosted here on GitHub so that others can benefit from it, as well as allowing others to contribute their own detection rules.
Installation
Regular users
The simplest way to install Web Exploit Detector is as a global NPM module:
npm install -g web_exploit_detector
If you are running Linux or another Unix-based OS you might need to run this command as root (e.g. sudo npm install -g web_exploit_detector).
Updating
The module should be updated regularly to make sure that all of the latest detection rules are present. Running the above command will always download the latest stable (tested) version. To update a version that has already been installed, simply run the following:
npm update -g web_exploit_detector
Again, you may have to use the sudo command as above.
Technical users
You can also clone the Git repository and run the script directly like so:
git clone https://github.com/polaris64/web_exploit_detector
cd web_exploit_detector
npm install