Project author: Tom-Lovatt

Project description:
Identifies obfuscated malicious PHP files
Language: Python
Project URL: git://github.com/Tom-Lovatt/revelio.git
Created: 2018-03-29T03:58:13Z
Project community: https://github.com/Tom-Lovatt/revelio

License: GNU General Public License v3.0


Revelio

Identifies malicious PHP files, particularly those using obfuscation.

How does it work?

Files are analysed with a variety of methods (primarily laid out as Yara rules) and awarded a number of points for each pattern they match. For instance, using the eval statement may be worth 1 point, whereas executing OS-level commands may be worth 3 points since they can do more damage. When a file reaches a certain level of points (the default being 5), it’s reported as suspicious.
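To make the scoring model concrete, here is an added example (not Revelio's own code or rule set) that implements the same idea in plain Python: a small table of weighted patterns, a per-file score, and a reporting threshold that the aggressive level lowers. The rule names, regexes, point values and the assumption that each aggressive level subtracts one point from the default threshold of 5 are all illustrative choices made for this example; Revelio's real rules are Yara rules and may weight things differently. The PHP snippets are constructed test inputs.

```python
import re
from typing import List, Tuple

# Hypothetical weighted rules: (name, pattern, points). Weights follow the
# README's reasoning (eval is cheap, OS command execution costs more) but are
# NOT Revelio's actual Yara rules or scores.
RULES = [
    ("eval_call",            re.compile(r"\beval\s*\(", re.I), 1),
    ("base64_decode",        re.compile(r"\bbase64_decode\s*\(", re.I), 2),
    ("compression_decode",   re.compile(r"\b(gzinflate|gzuncompress|str_rot13)\s*\(", re.I), 2),
    ("os_command",           re.compile(r"\b(system|shell_exec|passthru|exec|popen)\s*\(", re.I), 3),
    ("request_superglobal",  re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b"), 1),
    ("long_encoded_string",  re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"), 2),
]

DEFAULT_THRESHOLD = 5   # the README's default reporting level
MAX_AGGRESSIVE = 3      # -a may be given up to three times


def score_source(source: str) -> Tuple[int, List[str]]:
    """Return (total points, names of rules that matched).

    Each rule contributes its points at most once per file, so a file that
    calls eval() ten times still earns 1 point for that rule.
    """
    total = 0
    matched = []
    for name, pattern, points in RULES:
        if pattern.search(source):
            total += points
            matched.append(name)
    return total, matched


def threshold_for(aggressive_level: int) -> int:
    """Reporting threshold for a given aggressive level.

    Assumption for this example: every -a lowers the default threshold by one,
    clamped to the 0..3 range the CLI accepts.
    """
    level = max(0, min(MAX_AGGRESSIVE, aggressive_level))
    return DEFAULT_THRESHOLD - level


def is_suspicious(source: str, aggressive_level: int = 0) -> bool:
    total, _ = score_source(source)
    return total >= threshold_for(aggressive_level)


# Constructed sample inputs (not real files from any site).
BENIGN_PHP = "<?php\n$title = 'Hello';\necho htmlspecialchars($title);\n?>"
OBFUSCATED_PHP = "<?php eval(gzinflate(base64_decode($_POST['p']))); ?>"
SHELL_ONLY_PHP = "<?php\n$listing = shell_exec('ls -l /tmp');\necho $listing;\n?>"
SAMPLES = {
    "benign.php": BENIGN_PHP,
    "obfuscated.php": OBFUSCATED_PHP,
    "shell_only.php": SHELL_ONLY_PHP,
}


def scan_samples(aggressive_level: int = 0) -> dict:
    """Score every sample and say whether it would be reported."""
    report = {}
    for filename, source in SAMPLES.items():
        total, matched = score_source(source)
        report[filename] = {
            "score": total,
            "matched": matched,
            "reported": total >= threshold_for(aggressive_level),
        }
    return report


if __name__ == "__main__":
    for level in range(0, 3):
        print(f"--- aggressive level {level}, threshold {threshold_for(level)} ---")
        for filename, result in scan_samples(level).items():
            flag = "SUSPICIOUS" if result["reported"] else "ok"
            print(f"{filename:16} {result['score']:2d} pts  {flag:10} {result['matched']}")
```

Running the block shows why the threshold matters: the obfuscated sample scores 6 and is reported at the default level, while a file that merely calls shell_exec() scores 3 and is only reported once two aggressive levels have pulled the threshold down to 3. That is the trade-off the -a flag exposes: a lower threshold catches more, but also pulls in legitimate admin scripts.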

How do I use this?

See the Releases tab and download the revelio-release tar.gz file for a 64-bit executable of Revelio with all dependencies bundled together. Alternatively:

  1. Clone this repository
  2. Install python3
  3. Run pip3 install -r requirements.txt
  4. Run Revelio with python3 revelio.py

For usage instructions, see revelio --help or the instructions below.

    usage: revelio [-h] [-f LOG_FILE] [-r] [-v] [-g GIT_ROOT]
                   [-w WORDPRESS_ROOT] [-a] [-p {0,1,2,3}]
                   target directory [target directory ...]

    Scan for malicious PHP files, particularly those using obfuscation.

    positional arguments:
      target directory

    optional arguments:
      -h, --help            show this help message and exit
      -f LOG_FILE, --log-file LOG_FILE
                            Send all output to the specified file.
      -r, --recurse         Search recursively within the target directory.
      -v, --verbose         Show all debugging statements.
      -g GIT_ROOT, --git-root GIT_ROOT
                            If target is part of a Git repo, supply the root
                            directory to use Git metadata in the scan. Note: This
                            mode won't scan any files or directories listed in
                            .gitignore
      -w WORDPRESS_ROOT, --wordpress-root WORDPRESS_ROOT
                            If target is part of a Wordpress installation, specify
                            the root directory to include hash verification in the
                            scan
      -a, --aggressive-scan
                            Lower the threshold for how suspicious a file needs to
                            be before it's reported. Can be specified up to 3
                            times, increasing the level each time.
      -p {0,1,2,3}, --priority {0,1,2,3}
                            Set the priority of the scan, from 0-3. Higher
                            priorities will complete faster but use more system
                            resources.

For example:

    revelio -p3 -r -w /var/www/example.com/public -g /var/www/example.com /var/www/example.com