You may already know some of the open-source tools developed by NBS System: NAXSI, an applicative firewall module for NGINX, or PHP Malware Finder, a tool scanning PHP and ASP applications looking for files containing malevolent code.

Our cybersecurity experts continually work on these tools, making them evolve… and they develop new ones! We are thus today happy to introduce you to their last two creations: MOWR and Mapster.

MOWR, the file comparator

MOWR, for More Obvious Web-malware Repository, is a web application allowing to test the legitimity of a PHP or ASP file. Like a flight comparator, and freely inspired from Virustotal, it tests submitted files on different scanners and softwares, in order to know in the most certain way whether it is a potentially malevolent file.

It is very easy to use: download the tool on Github and install it on your server. You then only have to launch the application, and a simple drag and drop of the file on the latter enables you to start the scan and get the result.

MOWR interface

PHP Malware Finder will even show you, in this result, the type of problem spotted on the file: in the example below, the file is obfuscated. The scale, on the top right corner, gives you an indication on the legitimacy of the file with just one look!

MOWR Analyse

For now, MOWR gathers two scanners: PHP Malware Finder and ClamAV, an open antivirus engine spotting malware among other things. But other software will come! Our experts count on your contributions and propositions to add new scanners… and on your feedback! Go to MOWR’s Github page for more…

Mapster, a 3D data map

Mapster is the first Kibana module enabling to see in real time, on a 2D or 3D map, the data of this web interface. Kibana’s graphs are not always understandable by cybersecurity novices; this visualization mode simplifies the reading of this data.

Open source Mapster map mapster-globe_small

NBS System’s team uses it internally, to show our clients the errors registered by NGINX, Apache’s 404 errors, as well as the bans of any suspect IP visiting their website. Our experts also use this tool to watch the volumetry of these events, since a massive flow increase is immediately visible on the map!

Of course, this is only one possible use among others. Feel free to use this tool, give feedback to our team, and contribute on Mapster’s Github page!

Source : Julien Reveret

Lucie Saunois
Lucie Saunois
IT aficionado, specifically when it comes to cybersecurity, since she joined OT Group in 2015, Lucie specializes in making technical, and often complex, topics understandable by anyone.