wed-scanner ~ Web Exploits Detector.

wed-scanner ~ Web Exploits Detector.

The Web Exploit Detector is a Node.js application (and NPM module) used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites. Running the application will generate a list of files that are potentially infected together with a description of the infection and references to online resources relating to it.

As of version 1.1.0 the application also includes utilities to generate and compare snapshots of a directory structure, allowing users to see if any files have been modified, added or removed.
The application is hosted here on GitHub so that others can benefit from it, as well as allowing others to contribute their own detection rules

web_exploit_detector v1.1.0

The following two utilities are also installed as part of Web Exploit Detector: –
– wed-generate-snapshot: this utility allows a snapshot to be generated for all files (recursively) in a directory specified by “–webroot”. The snapshot will be saved to a file specified in the “–output” option.
– wed-compare-snapshot: once a snapshot has been generated, it can be compared against the current contents of the same directory (–webroot). The snapshot to check is specified using the “–snapshot” option. Make sure that the –webroot used to generate and check the snapshot are exactly the same, otherwise all files will be shown as different.

+ Node JS