Mitigating-Web-Shells vs htshells

Mitigating-Web-Shells

Guidance for mitigation web shells. #nsacyber (by nsacyber)

#mitigation #Guidance #webshell #webshells

Source Code

htshells

Self contained htaccess shells and attacks (by wireghoul)

#webshell #Polyglot #Security #Apache #htaccess #Penetration Testing #Exploit

Source Code

justanotherhacker.com

Our great sponsors

Scout APM - Less time debugging, more time building

SonarQube - Static code analysis for 29 languages.

SaaSHub - Software Alternatives and Reviews

Our great sponsors

Mitigating-Web-Shells		htshells
	Project
1	Mentions	2
839	Stars	830
0.8%	Growth	-
0.0	Activity	0.0
11 months ago	Latest Commit	3 months ago
YARA	Language	Shell
GNU General Public License v3.0 or later	License	GNU General Public License v3.0 only

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Mitigating-Web-Shells

Posts with mentions or reviews of Mitigating-Web-Shells. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-03-03.

Mass exploitation of on-prem Exchange servers :(
4 projects | reddit.com/r/msp | 3 Mar 2021

There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomolies. https://github.com/nsacyber/Mitigating-Web-Shells

htshells

Posts with mentions or reviews of htshells. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-01-13.

Independently secure, together not so much - a story of 2 WP plugins
1 project | reddit.com/r/netsec | 2 Nov 2021

If you've got the ability to write .htaccess files, you pretty much already have RCE and do not need additional upload vulnerabilities. See https://github.com/wireghoul/htshells for some fun examples.
Null
4 projects | news.ycombinator.com | 13 Jan 2021

Found some GitHub issues [1] with something similar: an enterprise firewall blocking a repo because it contained the string "arglebargleglopglyf" [2] in some tests.
The text was flagged as malicious because of its presence in the repo github.com/wireghoul/htshells [3]. However, the whole point of the word in the htshells repo is that it's an invalid command that breaks Apache, so it could have been almost any random string.
[1] https://github.com/search?q=arglebargleglopglyf&type=issues
[2] https://mume.org/help/arglebargle
[3] https://github.com/wireghoul/htshells/blob/master/dos/apache...

What are some alternatives?

When comparing Mitigating-Web-Shells and htshells you can also consider the following projects:

fancy-index - A responsive Apache index page.

Libc

big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

FlameCord - Patches for Waterfall to improve overall performance, fix memory issues and protect against attacks.

Automate-Powershell

GovCMS7 - Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms

hack - Kubernetes security and vulnerability tools and utilities.

htshells vs fancy-index

htshells vs Libc

htshells vs big-list-of-naughty-strings

htshells vs wstg

htshells vs FlameCord

Mitigating-Web-Shells vs Automate-Powershell

htshells vs GovCMS7