ShellDetect is a tool developed by Amit Malik to detect the presence of shellcode within a file or in network traffic. With it you can analyze a binary (for example, one generated by Metasploit) or a file containing a captured network stream (traffic captured with tcpdump or Wireshark).
Today attackers distribute malicious files with shellcode hidden inside them. When such a file is opened, the shellcode runs silently and compromises the integrity of the system. This is even more dangerous when the attack is a "zero day" that is not caught by the traditional signatures of anti-virus products. In these cases ShellDetect helps to identify the presence of shellcode and assists in the task of keeping the system safe.
To run ShellDetect you need to install Python. I also recommend running it on a virtual machine (VMware / VirtualBox), as the tool is still very much in beta and more advanced shellcode can evade it; the important thing, though, is that it detects Metasploit shellcode, which is the most widely used.
The tool is very easy to use (and for now it only runs under Windows XP): from the console simply run ShellDetect.py file_name and it parses the file or the captured network traffic.
First it is run against a file (pgeneric-12.txt), then against captured network traffic (network_stream).
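To give an idea of what a scanner of this kind does under the hood, here is an added illustration in Python. It is my own example, not ShellDetect's code, and I do not know which heuristics Amit Malik's tool actually applies. It looks for a few well-known x86 "GetPC" idioms that position-independent shellcode (including much of what Metasploit emits, such as the fnstenv trick used by shikata_ga_nai) relies on to find its own address, plus long NOP sleds. The sample bytes, the pattern names and the function names are all constructed for this demonstration.

```python
import re
from typing import List, Tuple

# Constructed illustration of static shellcode heuristics; not ShellDetect's logic.
# Each entry is (indicator name, compiled byte pattern). Offsets reported by the
# scanner point at the first byte of the match.
GETPC_PATTERNS = [
    # call $+5 ; pop reg      -> e8 00 00 00 00, followed by 58..5f (pop eax..edi)
    ("call_pop", re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]")),
    # jmp short fwd ; pop reg -> jmp/call/pop trick: the pop is the call target
    ("jmp_call_pop", re.compile(rb"\xeb[\x00-\x7f][\x58-\x5f]")),
    # fnstenv [esp-0xc]       -> d9 74 24 f4 (FPU GetPC, used by shikata_ga_nai)
    ("fnstenv_getpc", re.compile(rb"\xd9\x74\x24\xf4")),
]
# A run of 16+ NOPs (0x90) is only a weak indicator: padding can look like this.
NOP_SLED = ("nop_sled", re.compile(rb"\x90{16,}"))


def scan_for_shellcode(data: bytes) -> List[Tuple[str, int]]:
    """Return (indicator_name, offset) for every hit in data, ordered by offset."""
    hits = []
    for name, pat in GETPC_PATTERNS + [NOP_SLED]:
        for m in pat.finditer(data):
            hits.append((name, m.start()))
    hits.sort(key=lambda h: h[1])
    return hits


def looks_like_shellcode(data: bytes) -> bool:
    """True only if at least one GetPC idiom is present; a NOP sled alone is not enough."""
    getpc_names = {name for name, _ in GETPC_PATTERNS}
    return any(name in getpc_names for name, _ in scan_for_shellcode(data))


def scan_file(path: str) -> List[Tuple[str, int]]:
    """Scan a file on disk (a dumped binary or a raw captured stream) the same way."""
    with open(path, "rb") as f:
        return scan_for_shellcode(f.read())


# Constructed sample buffer: 8 junk bytes, a 32-byte NOP sled, call $+5 / pop eax,
# fldz / fnstenv [esp-0xc], then xor eax,eax. Not real malware.
SAMPLE_SHELLCODE = (
    b"A" * 8
    + b"\x90" * 32
    + b"\xe8\x00\x00\x00\x00\x58"
    + b"\xd9\xee\xd9\x74\x24\xf4"
    + b"\x31\xc0"
)
# Constructed benign input: plain text never contains these opcode bytes.
BENIGN_TEXT = b"This is plain text with no shellcode in it.\n" * 3

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_SHELLCODE), ("benign", BENIGN_TEXT)):
        print(label, scan_for_shellcode(blob), looks_like_shellcode(blob))
```

Two caveats that apply to any scanner of this type, and that match what is said above about the beta state of the tool: an encoder or hand-written shellcode does not have to use any of these idioms, so a clean result proves nothing; and a file that legitimately contains x86 code (a PE, a driver) will produce hits that are expected and not malicious on their own.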
As I said above, the tool is in beta, but I find it very useful and I think it has a promising future.
Download ShellDetect v1.0