A malware web scanner
Project description
A malware (web) scanner developed during CyperCamp Hackathon 2017
About
Features
Scan any website for malware using OWASP WebMalwareScanner checksum and YARA rules databases
Perform some cleaning operations to improve website protection
Monitor the website for changes. Details are written in a log file
Custom website support
Scan your site to know if it has been infected with some malware
List your local backups
Logging support
Backup your site
Restore website
WordPress support
Scan your site to know if it has been infected with some malware
Scan for suspect files and compare with a clean installation
Clean up your site to avoid giving extra information to attackers
Backup your site (to recover later if you need)
List your local backups
Logging support
Restore website
Requirements
First of all, notice that this tool is developed under Linux and, at the moment, it has been tested only under this Operating System
Python >= 3
Some Python libraries
python-magic
yara-python
watchdog
termcolor
pypandoc
santi@zenbook:$ pip3 install python-magic yara-python watchdog termcolor pypandoc
Notice
masc is developed under Linux and it has not been tested under any other Operating System.
Anyway, it should run without problems under any Unix-friendly OS. In particular, in Mac OSX I have noticed it’s neccesary to install Homebrew to use python-magic library propery as libmagic. Check first the previous link to the brew homepage and then you will be able to install as I show below:
santi@zenbook:$ brew install libmagic
Installation
To install masc on your computer, you can download a release, untar it and try. You can also install it usign pip (‘pip3 install masc’)
Usage
masc 0.1 (http://github.com/sfaci/masc)
usage: masc.py [-h] [--add-file FILENAME] [--add-word STRING] [--clean-cache]
[--clean-site] [--list-backups] [--list-logs] [--make-backup]
[--monitor] [--name NAME] [--rollback] [--scan PATH]
[--site-type {wordpress,drupal,custom}]
optional arguments:
-h, --help show this help message and exit
--add-file FILENAME Add a suspect file to the dictionary
--add-word STRING Add a suspect content to the dictionary
--clean-cache Clean masc cache (cache and logs files, NO backups)
--clean-site Clean up the site to hide information to attackers
--list-backups List local backups
--make-backup Create a local backup of the current installation
--monitor Monitor site to detect changes
--name NAME Name assigned to the scanned installation
--rollback Restore a local backup
--scan PATH Scan an installation at the given PATH
--site-type {wordpress,drupal,custom}
which type of web you want to scan:: wordpress,
joomla, drupal or magento
Test
There is a repository in the Docker Hub to perform tests masc-wordpress
Documentation
You can find a complete tutorial about how to use masc in the wiki
Thanks
Thanks to OWASP WebMalwareScanner for some ideas and the signatures databases with checksums and YARA rules (and how to load it to work with).
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.