The Web Exploit Detector is a Node.js application (and NPM module) used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites. Running the application will generate a list of files that are potentially infected together with a description of the infection and references to online resources relating to it.
As of version 1.1.0 the application also includes utilities to generate and compare snapshots of a directory structure, allowing users to see if any files have been modified, added or removed.
The application is hosted here on GitHub so that others can benefit from it, as well as allowing others to contribute their own detection rules
The following two utilities are also installed as part of Web Exploit Detector: –
– wed-generate-snapshot: this utility allows a snapshot to be generated for all files (recursively) in a directory specified by “–webroot”. The snapshot will be saved to a file specified in the “–output” option.
– wed-compare-snapshot: once a snapshot has been generated, it can be compared against the current contents of the same directory (–webroot). The snapshot to check is specified using the “–snapshot” option. Make sure that the –webroot used to generate and check the snapshot are exactly the same, otherwise all files will be shown as different.
+ Node JS
npm install -g web_exploit_detector
If you are running Linux or another Unix-based OS you might need to run this command as root (e.g. sudo npm install -g web_exploit_detector
git clone https://github.com/polaris64/web_exploit_detector && cd web_exploit_detector
npm install --no-optional