Basic Backdoor Script Finder

Updated: June 24, 2013

The Basic Backdoor Script Finder is a simple tool that finds some of the most popular backdoor scripts that are placed on websites. It will not detect every possible backdoor script, as doing so would require falsely identifying many files that are not backdoor scripts. In some cases a backdoor may be added to an existing file; in those cases you will need to replace the version containing the backdoor with a clean version of the file. While the tool has been designed not to produce false positives, you should check any files it identifies before deleting them. If you do find a false positive, please let us know so that we can improve the tool. It can detect the Gumblar backdoor, Web Shell by boff, Web Shell by oRb, Goog1e_analist, the backdoor that has been used with the recent NoNumber Framework exploit, and other backdoors.

If your website does contain a backdoor script, it is very important to determine how it got there, because if you do not fix that vulnerability, another backdoor script could be placed on the website.

To use the Basic Backdoor Script Finder:

The tool will then display any files that it detects as containing a backdoor script. The tool can also be used from the CLI.