GitHub - p25072004/NginxCheck: Detect NginxStealth
Skip to content

p25072004/NginxCheck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
bin
bin
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config
config
 
 
ngx_http_check_headers_module.c
ngx_http_check_headers_module.c
 
 

Repository files navigation

NginxCheck

Info

Detect NginxStealth

This module list the address :

  1. checker and handler in ngx_http_core_main_conf_t -> phase_engine -> handlers
  2. elts in ngx_http_core_main_conf_t -> phases[NGX_HTTP_LOG_PHASE] -> handlers

Tested on nginx version: nginx/1.18.0

This module is modified from https://github.com/vgo0/nginx-backdoor

Usage

curl -H "check: on" <c2 address>

Compile

sudo ./configure --add-dynamic-module=<module path> 
# for self-compiled version

sudo ./configure --add-dynamic-module=<module path> --with-compat # for compiled version

sudo make modules
#Compile module

Install

sudo cp objs/ngx_http_check_headers_module.so <nginx_module_path>

load_module <path_to_your_module>/ngx_http_check_headers_module.so;
# Modify nginx.conf

sudo nginx -s reload
# Reload the configuration file without disconnecting current established connections

Example Result

About

Detect NginxStealth

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages