thekadeshi / thekadeshi.py Goto Github PK

Antimalware software

Python 83.89% HTML 16.11%

antivirus malware-scanner malware-analyzer web-security security security-tools websecurity malware-detection signatures

thekadeshi.py's Introduction

theKadeshi

Antivirus for your web-site

Usage

Download latest version from release section: Releases

Unpack the .zip file.

Options

Source code startup:

python kadeshi.py [options] /home/name/your_site_folder/

Windows binaries:

kadeshi.exe [options] c:\temp\sites\your_site_folder\

Options are:

-h - Help
-v - Version
-bw - Disables color output. Enabled by default. Try this option if you see something like this: ...php (?[32mClean?[39m)...
-nc - Disables cleanup mode. Enabled by default
-nr - Disables report file. Enabled by default
-d - Outputs some debug information

Requirements

Python 3.6+

thekadeshi.py's People

Contributors

Stargazers

Watchers

Forkers

primmus formaldet ryanbekabe heikipikker 5l1v3r1

thekadeshi.py's Issues

(4, 'a87ff679a2f3e71d9181a67b7542122c', 0, 'cure', '~\<?\??.eval.?$.?gzuncompress.?\(.?base64_decode.?\(.?['"].*['"].?$.?\).?\).?;.\?\>~ius', 'regexp', 'PHP', 'Eval.Zip.Base64.0032', 1, 1, NULL, NULL, NULL, NULL),

0026

0030

0043

Импорт старых сигнатур

INSERT INTO `signatures` (`id`, `hash`, `parent`, `action`, `expression`, `format`, `type`, `title`, `active`, `tested`, `comment`, `created_at`, `updated_at`, `sample`) VALUES
(1, 'c4ca4238a0b923820dcc509a6f75849b', 0, 'delete', '~if.?\\(.?\\$_GET.?\\[.?.[a-z]{2,6}..?\\].*\\$_POST.?\\[.?.[a-z]{2,6}..?\\].*\\$_POST.?\\[.?.subj..?\\].*\\$_POST.?\\[.?.mes..?\\].*\\$_POST.?\\[.?.headers..?\\].*if.?\\(.?mail.?\\(.?\\$[a-z]{2,8}+\\,.?\\$[a-z]{2,8}\\,.?\\$[a-z]{2,8}\\,.?\\$[a-z]{2,8}.?\\).?\\).*if.?\\(.?\\!.?\\$_POST.?\\[.?.[a-z]{2,6}..?\\].?\\&\\&.?\\!.?\\$_GET.?\\[.?.[a-z]{2,6}..?\\].?\\&\\&.?count.?\\(.?\\$_GET.?\\).*\\$_GET.?\\[.?\\$[a-z]{2,}.?\\];.*header.?\\(.?.location.?:.?http\\:\\/\\/\\{\\$[a-z]{2,6}\\}..?\\);.{1,6}\\}~iusU', 'regexp', 'PHP', 'Mailer.0030', 1, 1, NULL, '2016-03-29 19:12:00', '2016-03-29 19:12:00', NULL)...

0032

0021

0024

0006

(6, '1679091c5a880faf6fb5e6087eb1b2dc', 0, 'delete', '~\$[a-z0-9]{1,3}\ {0,3}\=\ {0,3}((\/\\d\\/)?chr$\d+$\ {0,3}\.?\ {0,3}){4,};.*\$[a-z0-9]{1,3}$(chr\(\d+$.?){6,}.?,.?\$[a-z0-9]{1,3}\.?$.?\$[a-z0-9]{1,3}.?$.?,.?(chr$\d+$.?){3,}\)\;~iusU', 'regexp', 'PHP', 'Virus.Chr.0034', 1, 1, NULL, NULL, NULL, NULL),

0014

0048

0010

(10, 'd3d9446802a44259755d38e6d163e820', 0, 'quarantine', '~if {0,}\\( {0,}isset {0,}\\( {0,}\\$_POST {0,}\\[ {0,}[\'\"]submit[\'\"] {0,}\\] {0,}\\) {0,}\\).*\\$_POST {0,}\\[ {0,}[\'\"]from[\'\"] {0,}\\].*\\$_POST {0,}\\[ {0,}[\'\"]to[\'\"] {0,}\\].*mail {0,}\\( {0,}\\$to_add{0,}, {0,}\\$subject {0,}, {0,}\\$message {0,}, {0,}\\$headers {0,}\\).*\\<html\\>.*\\<form.*action {0,}= {0,}[\'\"]\\<\\?php {0,}echo {0,}htmlentities {0,}\\( {0,}\\$_SERVER {0,}\\[ {0,}[\'\"]PHP_SELF[\'\"] {0,}\\] {0,}\\); {0,}\\?\\>[\'\"].*input.*type {0,}= {0,}[\'\"]submit[\'\"].*html~iusU', 'regexp', 'PHP', 'Mailer.0049', 0, 1, NULL, NULL, '2016-05-22 14:29:48', NULL),```

0027

0019

0025

0028

0020

0041

0009

(9, '45c48cce2e2d7fbdea1afc51c7c6ad26', 0, 'cure', '~if\s{0,}$\s{0,}isset\s{0,}\(\$_COOKIE\s{0,}\[\s{0,}['"][a-z]{1,8}['"]\s{0,}\]\s{0,}$\s{0,}\)\s{0,}@\$_COOKIE\s{0,}\[\s{0,}['"][a-z]{1,8}['"]\s{0,}\]\s{0,}$\s{0,}\$_COOKIE\s{0,}\[\s{0,}['"][a-z]{1,8}['"]\s{0,}\]\s{0,}$\s{0,};~iuU', 'regexp', 'PHP', 'Cookie.Shell.0049', 1, 1, NULL, NULL, '2016-05-30 23:15:24', NULL),

0049

0045

0031

0017

0005

(5, 'e4da3b7fbbce2345d7772b0674a318d5', 0, 'delete', '~\$[a-zA-Z0-9]{4,12}\ ?\=\ ?['"].{10,50}['"]\ ?;\ ?\$[a-zA-Z0-9]{4,12}\ ?\=\ ?(\$[a-zA-Z0-9]{4,12}\[\d+\]\ ?.\ ?){4,}\$[a-zA-Z0-9]{4,12}\[\d+\];.chr$\d+$.;.['"]{2}[a-zA-Z0-9\/+=]+['"]{2}.\$[a-zA-Z0-9]{4,12}\[\d+\]\ ?,\ ?\$[a-zA-Z0-9]{4,12}\ {0,3},\ {0,3}['"]\d+['"].?\);~iusU', 'regexp', 'PHP', 'Virus.Encoded.0031', 1, 1, NULL, NULL, NULL, NULL),

0038

0023

0013

0035

0015

0039

0034

0001

(1, 'c4ca4238a0b923820dcc509a6f75849b', 0, 'delete', '~if.?$.?\$_GET.?\[.?.[a-z]{2,6}..?\].\$_POST.?\[.?.[a-z]{2,6}..?\].\$_POST.?\[.?.subj..?\].\$_POST.?\[.?.mes..?\].\$_POST.?\[.?.headers..?\].*if.?\(.?mail.?\(.?\$[a-z]{2,8}+\,.?\$[a-z]{2,8}\,.?\$[a-z]{2,8}\,.?\$[a-z]{2,8}.?$.?\).if.?$.?\!.?\$_POST.?\[.?.[a-z]{2,6}..?\].?\&\&.?\!.?\$_GET.?\[.?.[a-z]{2,6}..?\].?\&\&.?count.?\(.?\$_GET.?$.\$_GET.?\[.?\$[a-z]{2,}.?\];.*header.?$.?.location.?:.?http\:\/\/\{\$[a-z]{2,6}\}..?$;.{1,6}\}~iusU', 'regexp', 'PHP', 'Mailer.0030', 1, 1, NULL, '2016-03-29 19:12:00', '2016-03-29 19:12:00', NULL),

0011

0036

0003

(3, 'eccbc87e4b5ce2fe28308fd9f2a7baf3', 0, 'delete', '~assert.$.,0$;.{0,2}?\$.{1,8}.?\=.?['"][0-9A-H]{100,}['"].?\;.function.strlen.chr.\$.{2,8}.?\=.['"]e['"].['"]v['"].['"]a['"].['"]l['"].*assert.?$.?\$[a-zA-z0-9]{1,8}$;~iusU', 'regexp', 'PHP', 'Assert.0029', 1, 1, NULL, NULL, NULL, NULL),

0008

(8, 'c9f0f895fb98ab9159f51fd0297e236d', 0, 'delete', '~assert_options {0,}$ {0,}ASSERT_WARNING {0,}, {0,}\d+ {0,}$ {0,};.*\$.{2,4} {0,}= {0,}['"][A-Z0-9]{100,}['"] {0,};.*function {0,}hex2ascii.*for.*strlen.*chr.*hexdec.return.hex2ascii.\$[A-Z0-9]{1,6} {0,}= {0,}['"]e['"].(['"]{2} {0,}. {0,})+['"]v['"] {0,}. {0,}['"]a['"] {0,}. {0,}['"]l['"] {0,}. {0,}['"] {0,}$ {0,}\$.$['"] {0,};.*assert {0,}$ {0,}\$[A-Z] {0,}$ {0,};~iusU', 'regexp', 'PHP', 'Virus.Assert.0052', 1, 1, NULL, NULL, NULL, NULL),

0033

0007

(7, '8f14e45fceea167a5a36dedd4bea2543', 0, 'delete', '~(\$[a-zA-Z0-9]{1,12} {0,}\= {0,}'"{1,}['"] {0,};){1,}.*empty.*foreach.*addslashes.*echo.*strlen.*while {0,}$ {0,}\!feof.*list.*explode.foreach.\$[a-zA-Z]{1,} {0,}\= {0,}hexdec {0,}\( {0,}substr {0,}\( {0,}\$[a-zA-Z] {0,}, {0,}\d {0,}, {0,}\$[a-zA-Z] {0,}$ {0,}\) {0,};.*return {1,}strlen {0,}$\$[a-zA-Z]{1,}$;\}~iusU', 'regexp', 'PHP', 'Virus.Encoded.0051', 1, 1, NULL, NULL, NULL, NULL),