BackdoorMan 2022 via Carding Forum
BackdoorMan is a tool compartment that assists you with finding pernicious, covered up and dubious PHP scripts and shells in a picked objective.
Depiction
A Python open source toolbox that assists you with finding noxious, covered up and dubious PHP scripts and shells in a picked objective, it mechanizes the most common way of recognizing the abovementioned.
Reason
The fundamental reason for BackdoorMan is to help website admins and engineers to find malignant contents in their webpage records, since it is very normal for programmers to put a secondary passage on a website they have hacked. A secondary passage can give the programmer proceeded with admittance to the site regardless of whether the site proprietors change account passwords. Secondary passage contents will fluctuate from 100s of lines of code to 1 or 2 lines of code and can be converged in many documents which makes it extremely difficult to find it, particularly in the event that the secondary passage is latent. There is well known ways and apparatuses that can be utilized including grep, yet BackdoorMan robotizes all the above as depicted before and make it much more simpler (basically I trust so).
Highlights
Shells distinguish by filename utilizing shells signature data set.
Acknowledgment of web indirect accesses.
Distinguish the utilization of dubious PHP capabilities and exercises.
Utilization of outer administrations next to its functionalities.
Utilization of nimbusec shellray Programming interface (free online webshell identify for PHP documents https://shellray.com).
Extremely high acknowledgment execution for webshells.
Check dubious PHP records on the web.
Simple, quick and solid.
Order for webshells with conduct grouping.
Free assistance of nimbusec.
Utilization of VirusTotal Public Programming interface (free web-based assistance that dissects documents and works with the speedy identification of infections, worms, trojans and a wide range of malware), it very well may be helpful in our circumstance.
Utilization of UnPHP (The web-based PHP decoder: UnPHP is a free help for dissecting jumbled and malignant PHP code) www.unphp.net. Extremely helpful in our circumstance.
Eval + gzinflate + Base64.
Recursive De-Jumbling.
Custom Capability and Regex Backing.
A tool stash that assists you with finding vindictive, covered up and dubious PHP scripts and shells in a picked objective.
Creator: Yassine Addi <yassineaddi.dev(at)gmail(dot)com>.
NOTE: This apparatus doesn't need Web association however it is strongly prescribed to profit from all elements.
Code:
Choices:
--rendition show program's adaptation number and exit
-h, - - assist with showing this help message and exit
-o Result, - - output=OUTPUT
save yield in a record
--no-variety don't involve colors in the result
--no-data don't show document data
--no-apis don't utilize APIs during filter (not suggested)
Changelog
Code:
v1.0.0 - first delivery <https://github.com/yassineaddi/PHP-indirect access detector>.
v2.0.0 - rename programming to 'BackdoorMan'.
- work on outside administrations (APIs).
- separate data sets from principal script.
- parcel of upgrades (contrast and first delivery).
v2.1.0 - separate content to classes to enhance the product.
v2.2.0 - add 'Servicer' class.
- rename classes.
- add '- - no-variety' choice.
- add '- - no-outer administrations' choice.
- add '- - no-record data' choice.
- improve 'Journalist' class.
- further develop programming point of interaction.
- little enhancements.
- eliminate single-line and multi-line remarks prior to filtering.
- add '- - force' choice.
- add UnPHP Programming interface.
- improve 'activities.txt' information base.
v2.2.1 - adjust remarks.
v2.3.1 - utilization of custom parser rather than reg-ex to identify backticks (execution administrator)
because of bogus up-sides.
- further developed report class.
- separate capabilities and exercises to low, medium and high...
- rename choices.
- add '- o, - - yield' choice.
- add/adjust remarks.
BackdoorMan is a tool compartment that assists you with finding pernicious, covered up and dubious PHP scripts and shells in a picked objective.
Depiction
A Python open source toolbox that assists you with finding noxious, covered up and dubious PHP scripts and shells in a picked objective, it mechanizes the most common way of recognizing the abovementioned.
Reason
The fundamental reason for BackdoorMan is to help website admins and engineers to find malignant contents in their webpage records, since it is very normal for programmers to put a secondary passage on a website they have hacked. A secondary passage can give the programmer proceeded with admittance to the site regardless of whether the site proprietors change account passwords. Secondary passage contents will fluctuate from 100s of lines of code to 1 or 2 lines of code and can be converged in many documents which makes it extremely difficult to find it, particularly in the event that the secondary passage is latent. There is well known ways and apparatuses that can be utilized including grep, yet BackdoorMan robotizes all the above as depicted before and make it much more simpler (basically I trust so).
Highlights
Shells distinguish by filename utilizing shells signature data set.
Acknowledgment of web indirect accesses.
Distinguish the utilization of dubious PHP capabilities and exercises.
Utilization of outer administrations next to its functionalities.
Utilization of nimbusec shellray Programming interface (free online webshell identify for PHP documents https://shellray.com).
Extremely high acknowledgment execution for webshells.
Check dubious PHP records on the web.
Simple, quick and solid.
Order for webshells with conduct grouping.
Free assistance of nimbusec.
Utilization of VirusTotal Public Programming interface (free web-based assistance that dissects documents and works with the speedy identification of infections, worms, trojans and a wide range of malware), it very well may be helpful in our circumstance.
Utilization of UnPHP (The web-based PHP decoder: UnPHP is a free help for dissecting jumbled and malignant PHP code) www.unphp.net. Extremely helpful in our circumstance.
Eval + gzinflate + Base64.
Recursive De-Jumbling.
Custom Capability and Regex Backing.
A tool stash that assists you with finding vindictive, covered up and dubious PHP scripts and shells in a picked objective.
Creator: Yassine Addi <yassineaddi.dev(at)gmail(dot)com>.
NOTE: This apparatus doesn't need Web association however it is strongly prescribed to profit from all elements.
Code:
Choices:
--rendition show program's adaptation number and exit
-h, - - assist with showing this help message and exit
-o Result, - - output=OUTPUT
save yield in a record
--no-variety don't involve colors in the result
--no-data don't show document data
--no-apis don't utilize APIs during filter (not suggested)
Changelog
Code:
v1.0.0 - first delivery <https://github.com/yassineaddi/PHP-indirect access detector>.
v2.0.0 - rename programming to 'BackdoorMan'.
- work on outside administrations (APIs).
- separate data sets from principal script.
- parcel of upgrades (contrast and first delivery).
v2.1.0 - separate content to classes to enhance the product.
v2.2.0 - add 'Servicer' class.
- rename classes.
- add '- - no-variety' choice.
- add '- - no-outer administrations' choice.
- add '- - no-record data' choice.
- improve 'Journalist' class.
- further develop programming point of interaction.
- little enhancements.
- eliminate single-line and multi-line remarks prior to filtering.
- add '- - force' choice.
- add UnPHP Programming interface.
- improve 'activities.txt' information base.
v2.2.1 - adjust remarks.
v2.3.1 - utilization of custom parser rather than reg-ex to identify backticks (execution administrator)
because of bogus up-sides.
- further developed report class.
- separate capabilities and exercises to low, medium and high...
- rename choices.
- add '- o, - - yield' choice.
- add/adjust remarks.
