Mitigating-Web-Shells
htshells
| | Mitigating-Web-Shells | htshells |
|---|---|---|
| Mentions | 2 | 2 |
| Stars | 940 | 975 |
| Growth | 0.4% | - |
| Activity | 0.0 | 0.0 |
| Last commit | 10 months ago | about 2 years ago |
| Language | YARA | Shell |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Mitigating-Web-Shells
Mass exploitation of on-prem Exchange servers :(
There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomalies. https://github.com/nsacyber/Mitigating-Web-Shells
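The comment above recommends diffing the server against a known-good configuration. The block below is an added example, not code from the NSA repository, from dirChecker, or from the commenter; it shows the underlying technique such tools rely on: hash every file under a web root, keep the manifest from a clean state, and later report what was added, removed or changed. The directory layout, file contents and the dropped `shell.aspx` are constructed for the demo and only imitate an Exchange front-end web root.

```python
"""Baseline-vs-current file integrity check for a web root.

Added example, not part of the NSA Mitigating-Web-Shells repository.
Hashes file content (not timestamps, which an intruder can reset) and
compares against a manifest taken from a known-good state.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests and return sorted lists of added, removed and modified paths."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a constructed web root, snapshot it, simulate a compromise, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "FrontEnd" / "HttpProxy"  # constructed path, imitates an Exchange layout
        (webroot / "owa" / "auth").mkdir(parents=True)
        (webroot / "ecp").mkdir(parents=True)
        (webroot / "owa" / "auth" / "logon.aspx").write_text("<%-- genuine logon page (constructed) --%>\n")
        (webroot / "ecp" / "default.aspx").write_text("<%-- genuine ecp page (constructed) --%>\n")
        (webroot / "web.config").write_text("<configuration/>\n")

        # Known-good manifest: in practice, take this from a clean install of the
        # same build or from vendor-published hashes, not from a host you already suspect.
        baseline = hash_tree(webroot)

        # Simulated post-compromise state (constructed): a new file dropped into a
        # web-reachable directory and a tampered web.config.
        (webroot / "owa" / "auth" / "shell.aspx").write_text("<%-- placeholder, not a real web shell --%>\n")
        (webroot / "web.config").write_text("<configuration><!-- handler added --></configuration>\n")

        return diff_manifests(baseline, hash_tree(webroot))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8} {p}")
```

Two caveats a responder should keep in mind. The baseline must come from a trusted source (a clean install of the same build, or the vendor's file list), because a manifest taken from an already-compromised host only proves nothing has changed since the intruder arrived. And an added or modified file is a lead, not a verdict: legitimate patches also change files, so each hit still has to be reviewed, and a dropped shell can hide in places a plain file diff will not surface, such as an IIS handler mapping in `web.config` or a module loaded from outside the web root.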
htshells
Found some GitHub issues [1] with something similar: an enterprise firewall blocking a repo because it contained the string "arglebargleglopglyf" [2] in some tests.
The text was flagged as malicious because of its presence in the repo github.com/wireghoul/htshells [3]. However, the whole point of the word in the htshells repo is that it's an invalid command that breaks Apache, so it could have been almost any random string.
[1] https://github.com/search?q=arglebargleglopglyf&type=issues
[2] https://mume.org/help/arglebargle
[3] https://github.com/wireghoul/htshells/blob/master/dos/apache...
What are some alternatives?
FlameCord - The ultimate antibot BungeeCord and Waterfall fork for a Secure and Fast Minecraft or Spigot Network. FlameCord protects your server from bot attacks and exploits with its antibot features. FlameCord also fixes bugs, improves performance and adds new functionalities. Download FlameCord now.🔥
Libc
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
fancy-index - A responsive Apache index page.
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
ImgBackdoor - Hide your payload into .jpg file
GovCMS7 - Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms
hack - Kubernetes security and vulnerability tools and utilities.
Automate-Powershell
lamp-setup - LAMP server setup
spectre-meltdown-checker - Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
HealthChecker - Exchange Server Performance Health Checker Script