Basic Backdoor Script Finder
Updated: June 24, 2013
The Basic Backdoor Script Finder is a simple tool that will find some of the most popular backdoor scripts that are placed on websites. It will not detect all possible backdoor scripts as that would require falsely identifying many files that are not backdoor scripts. In some cases a backdoor may be added to an existing file, so in those cases you will need to replace the version containing the backdoor with a clean version of the file. While it has been designed to not produce false-positives, you should check any files identified by it before deleting the files. If you do find a false-positive please let us know so that we improve the tool. It can detect the Gumblar backdoor, Web Shell by boff, Web Shell by oRb, Goog1e_analist, the backdoor that has been used with the recent NoNumber Framework exploit, other backdoors.
If your website does contain a backdoor script it is very important to determine how it got there because if you do not fix that vulnerability another backdoor script could be placed on the website.
To use the Basic Backdoor Script Finder:
- Download the tool: basicbackdoorscriptfinder.zip, basicbackdoorscriptfinder.bz2, or basicbackdoorscriptfinder.7z
- Uncompress the file
- Place it on the website, access the file in your web browser
- Enter the directory you want scanned
The tool will then display any files that it detects contain a backdoor script. The tool can also be used from the CLI.
- Hacked Website Cleanup
- Hacked Drupal Website Cleanup
- Hacked Joomla Website Cleanup
- Hacked Magento Store Cleanup
- Hacked MediaWiki Wiki Cleanup
- Hacked Moodle Website Cleanup
- Hacked osCommerce Store Cleanup
- Hacked phpBB Forum Cleanup
- Hacked WordPress Website Cleanup
- Hacked Zen Cart Store Cleanup