Install ssdeep
$ wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.13/ssdeep-2.13.tar.gz/download
$ mv download download.tar.gz
$ tar -zxf download.tar.gz
$ cd ssdeep-2.13
$ ./configure
$ make
$ sudo make install
# Confirm the installation succeeded
$ ssdeep -V    # capital V
Prepare the malicious samples and extract their hashes with ssdeep
ssdeep ./webshell/* >badhash
Search the server using badhash
ssdeep -t 50 -m badhash /var/www/* -r >logn
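Once the scan has finished, the log can be triaged by similarity score. The following is an added example, not part of the original notes: it assumes match lines of the form `FILE matches LIST:KNOWN (SCORE)` as written by ssdeep in matching mode, and the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Triage a log written by `ssdeep -t 50 -m badhash ... > logn`.
# Assumed line format: <file> matches <list>:<known sample> (<score>)

# sample_log: constructed log lines for trying the function offline.
sample_log() {
    cat <<'EOF'
/var/www/html/upload/img.php matches badhash:/home/sec/webshell/shell_a.php (91)
/var/www/html/upload/img.php matches badhash:/home/sec/webshell/shell_b.php (63)
/var/www/html/inc/db.php matches badhash:/home/sec/webshell/shell_c.php (52)
/var/www/html/index.php matches badhash:/home/sec/webshell/shell_d.php (50)
ssdeep: constructed non-match line, skipped by the parser
EOF
}

# best_matches LOG [MIN]
# Prints "score<TAB>file<TAB>list:sample", one line per scanned file,
# keeping only that file's highest-scoring known sample, best first.
# MIN defaults to 50, the threshold used in the scan above.
best_matches() {
    awk -v min="${2:-50}" '
    {
        # The score is the final "(N)" on the line.
        if (!match($0, / \([0-9]+\)$/)) next
        score = substr($0, RSTART + 2, RLENGTH - 3) + 0
        rest  = substr($0, 1, RSTART - 1)
        sep   = index(rest, " matches ")
        if (sep == 0 || score < min) next
        file  = substr(rest, 1, sep - 1)
        known = substr(rest, sep + 9)      # 9 = length of " matches "
        if (!(file in best) || score > best[file]) {
            best[file] = score
            sample[file] = known
        }
    }
    END { for (f in best) printf "%d\t%s\t%s\n", best[f], f, sample[f] }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Run against a real log when one is given: sh triage.sh logn 70
if [ "$#" -gt 0 ]; then
    best_matches "$@"
fi
```

Files near the threshold are the ones most likely to be coincidental matches, so review from the top of the list down and raise MIN if the low end is noisy.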