WebshellChop

A novel Webshell detection engine

Q: What is WebshellChop? How does it work?

A: WebshellChop is a novel webshell detection engine. For now, it can only analyze and detect PHP files. It works by applying abstract syntax tree analysis and regular expression matching to the PHP file. Unlike common detectors, it uses no compiler and no sandbox. Benchmark tests show that WebshellChop really works like a charm at detecting webshells, with both precision and recall at a very high level.
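The following is an added example, not WebshellChop's code or rules. It shows why a purely static detector pairs regular expressions with syntax-aware analysis: a small lexer stands in for a full AST, the sink and source lists are assumptions, and the input is assumed to be a pure PHP file.

```python
import re

# Hypothetical rule set for illustration; not WebshellChop's rule database.
SINKS = {"eval", "assert", "system", "exec", "passthru", "shell_exec"}
SOURCES = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}

# Regex-only baseline: a sink call followed by request input before the next ';'.
NAIVE = re.compile(r"(?i)\b(?:eval|assert|system|exec)\s*\([^;]*\$_(?:GET|POST)")

# Lexer: comments and string literals are consumed whole, so their contents
# are never mistaken for code.
TOKEN = re.compile(r"""
    (?P<comment>//[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
  | (?P<var>\$\w+)
  | (?P<name>[A-Za-z_]\w*)
  | (?P<punct>\S)
""", re.S | re.X)

def tokens(src):
    """Return (kind, text, line) for every token, with comments dropped."""
    return [(m.lastgroup, m.group(), src.count("\n", 0, m.start()) + 1)
            for m in TOKEN.finditer(src) if m.lastgroup != "comment"]

def scan(src):
    """Return [(sink, line)] for sink calls whose arguments use request input."""
    toks, hits = tokens(src), []
    for i, (kind, text, line) in enumerate(toks):
        if kind != "name" or text.lower() not in SINKS:
            continue  # PHP function names are case-insensitive
        if i + 1 >= len(toks) or toks[i + 1][1] != "(":
            continue
        depth = 0
        for k, t, _ in toks[i + 1:]:  # walk the balanced argument list
            if k == "punct" and t == "(":
                depth += 1
            elif k == "punct" and t == ")":
                depth -= 1
                if depth == 0:
                    break
            elif k == "var" and t in SOURCES:
                hits.append((text.lower(), line))
                break
    return hits

# Constructed samples, not taken from any real incident.
SHELL = "<?php\n// maintenance hook\neval($_POST['c']);\n"
DOCS = "<?php\n// never write eval($_POST['c'])\necho 'system($_GET[1])';\n"
```

The regex-only baseline matches both samples, while the token-aware scan reports only `SHELL`, because the pattern in `DOCS` appears only inside a comment and a string literal.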

Q: How do I use WebshellChop?

A: Choose a sample file (PHP only for now) and indicate whether it is a webshell. WebshellChop will give you the result level and the relevant value in the blink of an eye.

Q: Why did it give me the wrong result / mismatched level?

A: It is a newborn product, and we are doing our best to enrich our rule database and to handle unexpected cases. Every wrong result will be logged, and we promise to update. For a mismatched level, if you are a staff member, please contact the developer.

Processing flow