Created
June 2, 2022 11:21
-
-
Save vaknin/c14d553973468e9c03c395e3aef76b85 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from os import walk, path | |
| from hashlib import md5 | |
| print('[+] Running...') | |
| # Find the original file's MD5 sum | |
| with open('original.txt', 'rb') as file: | |
| webshell_hash = md5(file.read()).hexdigest() | |
| # Scan the entire system, and compare any file's hash to the malicious webshell's hash | |
| for root, subdirs, files in walk('/'): | |
| for file in files: | |
| # Get the file's MD5 sum | |
| with open(path.join(root, file), 'rb') as f: | |
| file_hash = md5(f.read()).hexdigest() | |
| # Compare it with the webshell's MD5 sum | |
| is_webshell = file_hash == webshell_hash | |
| # Alert! | |
| if is_webshell: | |
| print(f"[+] Found a webshell! {root}/{file}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment