Mitigating-Web-Shells
gimmeSH
Our great sponsors
Mitigating-Web-Shells | gimmeSH | |
---|---|---|
2 | 2 | |
940 | 175 | |
0.4% | - | |
0.0 | 0.0 | |
9 months ago | over 2 years ago | |
YARA | Shell | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Mitigating-Web-Shells
-
Mass exploitation of on-prem Exchange servers :(
There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomolies. https://github.com/nsacyber/Mitigating-Web-Shells
gimmeSH
We haven't tracked posts mentioning gimmeSH yet.
Tracking mentions began in Dec 2020.
What are some alternatives?
nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions [Moved to: https://github.com/nvm-sh/nvm]
acme.sh - A pure Unix shell script implementing ACME client protocol
Bash-Snippets - A collection of small bash scripts for heavy terminal users
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
spc - A scp wrapper to manage across multiple remote machines
pure-bash-bible - 📖 A collection of pure bash alternatives to external processes.
nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
Automate-Powershell
spectre-meltdown-checker - Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
ExchangeMarch2021IOCHunt - Really fast knock up use at own risk etc.
wso-webshell - 🕹 wso php webshell
htshells - Self contained htaccess shells and attacks