IDE>> revelio>> 返回
项目作者: Tom-Lovatt

项目描述 :
Identifies obfuscated malicious PHP files
高级语言: Python
项目地址: git://github.com/Tom-Lovatt/revelio.git
创建时间: 2018-03-29T03:58:13Z
项目社区:https://github.com/Tom-Lovatt/revelio
开源协议:GNU General Public License v3.0
下载


Revelio

Identifies malicious PHP files, particularly those using obfuscation.

How does it work?

Files are analysed with a variety of methods (primarily laid out as Yara rules) and awarded a number of points for each pattern they match. For instance, using the eval statement may be worth 1 point, whereas executing OS-level commands may be worth 3 points since they can do more damage. When a file reaches a certain level of points (the default being 5), it’s reported as suspicious.

How do I use this?

See the Releases tab and download the revelio-release tar.gz file for a 64-bit executable of Revelio with all dependencies bundled together. Alternatively:

  1. Clone this repository
  2. Install python3
  3. Run pip3 install -r requirements.txt

  4. Run Revelio with python3 revelio.py

    For usage instructions, see revelio --help or the instructions below.

  1. usage: revelio [-h] [-f LOG_FILE] [-r] [-v] [-g GIT_ROOT]
  2.                   [-w WORDPRESS_ROOT] [-a] [-p {0,1,2,3}]
  3.                   target directory [target directory ...]
  5. Scan for malicious PHP files, particularly those using obfuscation.
  7. positional arguments:
  8.   target directory
  10. optional arguments:
  11.   -h, --help            show this help message and exit
  12.   -f LOG_FILE, --log-file LOG_FILE
  13.                         Send all output to the specified file.
  14.   -r, --recurse         Search recursively within the target directory.
  15.   -v, --verbose         Show all debugging statements.
  16.   -g GIT_ROOT, --git-root GIT_ROOT
  17.                         If target is part of a Git repo, supply the root
  18.                         directory to use Git metadata in the scan. Note: This
  19.                         mode won't scan any files or directories listed in
  20.                         .gitignore
  21.   -w WORDPRESS_ROOT, --wordpress-root WORDPRESS_ROOT
  22.                         If target is part of a Wordpress installation, specify
  23.                         the root directory to include hash verification in the
  24.                         scan
  25.   -a, --aggressive-scan
  26.                         Lower the threshold for how suspicious a file needs to
  27.                         be before it's reported. Can be specified up to 3
  28.                         times, increasing the level each time.
  29.   -p {0,1,2,3}, --priority {0,1,2,3}
  30.                         Set the priority of the scan, from 0-3. Higher
  31.                         priorities will complete faster but use more system
  32.                         resources.

For example:

revelio -p3 -r -w /var/www/example.com/public -g /var/www/example.com /var/www/example.com