Code Monkey home page Code Monkey logo

webmalwarescanner's Introduction

OWASP Web Malware Scanner

About

OWASP Web Malware Scanner is a simple malware scanner for web applications. It can be used to identify compromised Wordpress, Joomla and other popular web application installations.

Official OWASP Project Page

Requirements

  • python >= 2.7

Installation

git clone https://github.com/maxlabelle/WebMalwareScanner.git

Usage

To scan for compromised installations :

python wms.py /path/to/web/installations/

alt tag

Signature database

OWASP Web Malware Scanner uses a community-driven malware signature database to detect malwares. Signatures are found under the signatures/ folder. Each signature must be a text file, that contains the following JSON object:

{
  "Database_Name": "Generic malware database",
  "Database_Signatures": [
    {
      "Malware_Name": "Generic PHP Malware",
      "Malware_Signatures": ["function.*for.*strlen.*isset"]
    }
  ]
}

The 'Database_Signatures' object must be an array of objects that must contains the malware name (Malware_Name) and the signature's array of regular expressions (Malware_Signatures). If the content of a file matches one of these regular expression, it will be marked as infected.

The signatures for PHP files are in 'signatures/php/'. The signatures for Javascript files are in 'signatures/js/'.

OWASP Web Malware Scanner also performs md5 file checksums. MD5 file signatures are in 'signatures/checksum/'. A MD5 signature database must be a text file that contains the following JSON object:

{
  "Database_Name": "Generic malware hash database",
  "Database_Hash": [
    {
      "Malware_Name": "Zip.Trojan.Container",
      "Malware_Hash": "e27122ba785627fca79b4a19c8eea38b"
    }
  ]
}

The 'Database_Hash' object must be an array of objects that must contain the MD5 hash (Malware_Hash) and the Malware name (Malware_Name). If the MD5 checksum of a file matches one of these MD5 hashes, it will be marked as infected.

You are welcome to contribute to this project by adding new signatures to this database.

Credits

OWASP Web Malware Scanner is written by Maxime Labelle - [email protected]

License

OWASP Web Malware Scanner is released under the BSD license. See the LICENSE file for details.

webmalwarescanner's People

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.