Skip to content

Web Shell finder using grep, where it has wordlist around the world to grep inside using regex and wordlist. So Lightweight and fast!

License

Notifications You must be signed in to change notification settings

Arya-f4/worldshellfinder

Repository files navigation

Worldfind: A Simple Webshell Detection Tool

Tired getting hacked and finding where the hacker backdoor is? Worldfind is a basic web shell finder command-line tool written in Go that helps you identify potential web shell hidden within your web server directories or even in your image file. It works by scanning files for suspicious keywords and regular expressions commonly found in malicious scripts. (also please star)

shellfind

Worldshellfinder flow

Disclaimer: This tool is intended for educational and informational purposes only. It is not a substitute for comprehensive security measures. Use at your own risk. False positives are possible.

Features:

  • Scans files for specified keywords.
  • Uses regular expressions to detect common webshell patterns.
  • Customizable wordlist (optional).
  • Simple and easy to use.
Usage: worldshellfinder [option] <directory> [wordlist]
Option:
  --update     Update latest version from repository.
  -v           Enable verbose mode.
  -h, --help   Display this help.

Installation:

  1. Prerequisites: Make sure you have Go installed on your system.
  2. Download Worldfind:
    • Clone the repository: git clone https://github.com/Arya-f4/worldshellfinder.git
    • Or download the source code as a ZIP file and extract it.
  3. Build the Executable:
    • Open a terminal and navigate to the worldfind directory.
    • Run the command: go build
    • This will create an executable file named worldfind in the same directory.

Alternative Installation & update :

Setting go path environment (linux & MAC) :

export PATH=$PATH:/home/profile/go/bin

replace the profile with your current profile

And then install via go install (linux, windows & MAC) :

go install -v github.com/Arya-f4/worldshellfinder@latest

Usage:

  1. Building and compiling to executable

    go build -o worldshellfinder

    you can replace the worldfind with your desired name of application and also change the bash command.

  2. Basic Scan:

    ./worldshellfinder <directory> 
    • Replace <directory> with the path to the directory you want to scan.
  3. Custom Wordlist:

    ./worldshellfinder <directory> <wordlist_path (optional)>
    • Replace <wordlist_path> with the path to your custom wordlist file.

Alternative Usage:

  1. After installation using go install simply just type :
    worldshellfinder [option] <directory> [wordlist]

Wordlist Format:

The wordlist should be a plain text file with one keyword per line. You can use the provided wordlists/default.txt file as a starting point.

Example:

./worldshellfinder /var/www/html wordlists/my_wordlist.txt

This command will scan the /var/www/html directory using keywords from the wordlists/my_wordlist.txt file.

To Know :

This tools is using keyword that unique inside the shell to get as reference here is the list of the known shell :

List Of Known Shell and Already Detected

Contributing:

Contributions are welcome! Please feel free to submit pull requests for new features, improvements, or bug fixes.

Please note: This tool is under development and may be updated in the future.

Compatibility :

  • Windows
  • Linux
  • Mac (Compile it Yourself)

Go