# DETECT

![](/files/-MBRrNik4w8OXCtW_uSA)

### Commands

#### search

```
    search

    Search file(s) from target system (Support regular expression).

    eg: search {pattern} {web_file_path="."}
    
    Command Args:
        -p,--pattern(*)             [str] pattern

        -w,--web_file_path          [str] web_file_path (Default: '.')

```

Recursively searches for files under the specified directory; regular expressions are supported. Format: `search {regular expression} {search path}`.

#### fwpf

```
    fwpf

    Search writable php files from target system.

    eg: fwpf {web_file_path=webroot}
    
    Command Args:
        -fp,--web_file_path         [str] web_file_path (Default: '')
```

Recursively finds writable PHP files under the specified directory. Format: `fwpf {search path}`.
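A defender-side counterpart to this check, as an added example that is not part of Doughnuts: it reports PHP files under a webroot that a given account could modify, either directly or by replacing them through a writable parent directory. The function names, the suffix list and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

PHP_SUFFIXES = (".php", ".phtml", ".phar")  # assumption: extensions the server executes

def can_write(st, uid, gids):
    """Classic Unix mode-bit check (ignores ACLs, sticky bit and root's override)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_webroot(root, uid, gids):
    """Return sorted (relative_path, reason) for PHP files the account could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_writable = can_write(os.stat(dirpath), uid, gids)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not (name.lower().endswith(PHP_SUFFIXES) and stat.S_ISREG(st.st_mode)):
                continue
            rel = os.path.relpath(path, root)
            if can_write(st, uid, gids):
                findings.append((rel, "file writable"))
            elif dir_writable:
                findings.append((rel, "parent directory writable (file can be replaced)"))
    return sorted(findings)

def demo():
    """Constructed webroot, audited as a uid that owns nothing in it."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        os.mkdir(os.path.join(root, "cache"))
        layout = {"index.php": 0o644, "upload.php": 0o666,
                  "notes.txt": 0o666, "cache/tpl.php": 0o644}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "cache"), 0o777)
        web_uid = os.getuid() + 1  # assumption: stands in for the web server account
        return audit_webroot(root, web_uid, set())

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the web server account's uid and group ids; an empty result means that account cannot alter any PHP file under the audited tree through mode bits alone.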

#### fc

```
    fc

    Search config file from target system.

    eg: fc {web_file_path=webroot}
    
    Command Args:
        -fp,--web_file_path         [str] web_file_path (Default: '')

```

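Recursively finds files under the specified directory that look like configuration files, for example files whose names contain `cfg config db database`. Format: `fc {search path}`.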

#### fl

```

    fl

    Search log file (access.log,error.log) from target system.

    eg: fl {web_file_path="/var"}

    Command Args:
        -fp,--web_file_path              [str] web_file_path (Default: '/var')

```

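Recursively finds files under the specified directory that look like log files, for example files whose names contain `access.log error.log`. Format: `fl {search path}`.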

#### priv

```

    priv

    (Only for *unix) Find all files with suid belonging to root and try to get privilege escalation tips.
    ps:use & to split find_path

    eg: priv {find_path="/usr&/bin"}
    
    Command Args:
        -p,--find_path                   [str] find_path (Default: '/usr&/bin')

```

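(\*unix only) Finds SUID files owned by root and shows privilege escalation tips based on the results. By default it searches /usr and /bin; to use custom paths, separate multiple paths with `&`.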

#### checkvm

```
    checkvm

    Simply check whether the machine is a virtual machine.
```

Performs a simple check of whether the target machine is a virtual machine.

#### av

```
    av

    (Only for windows) Detect anti-virus software running on the target system.
    ps: Need to run system commands

    Origin: https://github.com/BrownFly/findAV
```

(Windows only) Detects antivirus software running on the target system.


