Skip to content

feat: detect ASP web shells #4063

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Apr 1, 2025
Merged

feat: detect ASP web shells #4063

merged 7 commits into from
Apr 1, 2025

Conversation

@Xhoenix
Copy link
Member

@Xhoenix Xhoenix commented Mar 30, 2025

@github-actions
Copy link
Contributor

github-actions bot commented Mar 30, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@azurit
Copy link
Member

azurit commented Mar 30, 2025

Let's create rule similar to 955100 with it's own file for @pmFromFile for ASP web shells. I have two more ASP shells.

@Xhoenix Xhoenix changed the title feat: added new aspx web shell feat: detect asp web shells Mar 30, 2025
@Xhoenix Xhoenix changed the title feat: detect asp web shells feat: detect ASP web shells Mar 30, 2025
@fzipi
Copy link
Member

fzipi commented Mar 31, 2025

Can you also add tests, now that we are adding a new rule id?

@Xhoenix
Copy link
Member Author

Xhoenix commented Apr 1, 2025

Waiting for @azurit to add the other two ASP shells he mentioned, after that I'll add the tests.

@azurit
Copy link
Member

azurit commented Apr 1, 2025

@Xhoenix Done.

@Xhoenix
Copy link
Member Author

Xhoenix commented Apr 1, 2025

LGTM 😊

fzipi
fzipi approved these changes Apr 1, 2025
View reviewed changes
Copy link
Member

@fzipi fzipi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice team work! 🙌

@fzipi fzipi added the release:new-detection In this PR we introduce a new detection label Apr 1, 2025
@Xhoenix Xhoenix added this pull request to the merge queue Apr 1, 2025
Merged via the queue into coreruleset:main with commit 6da0d75 Apr 1, 2025
6 checks passed
@Xhoenix Xhoenix deleted the add-new-aspx-webshell branch April 1, 2025 12:20
@fzipi fzipi mentioned this pull request Apr 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fzipi fzipi fzipi approved these changes

Assignees

No one assigned

Labels

release:new-detection In this PR we introduce a new detection

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Xhoenix @azurit @fzipi