This is a simple tool to detect manipulated image files used in
web-injection attacks. A description can be found in the FireEye
report "Hot Knives Through Butter: Evading File-based Sandboxes".

One type of manipulated file (the one which can be detected by this
tool) is just an image file with HTML added after the end of the image
data.
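
The check described above, as an added example that is not dewebjector's
own code: it walks the JPEG markers by hand instead of using libjpeg and
looks for HTML after the end-of-image marker. The names jpeg_end, classify,
Verdict and sample, and the tag list, are assumptions made for this sketch.

```cpp
#include <cctype>
#include <cstdint>
#include <string>
#include <vector>
using Bytes = std::vector<std::uint8_t>;

// Offset just past the EOI marker, or 0 if the marker structure is not JPEG.
std::size_t jpeg_end(const Bytes& d) {
    if (d.size() < 4 || d[0] != 0xFF || d[1] != 0xD8) return 0;  // no SOI
    std::size_t i = 2;
    while (i + 1 < d.size()) {
        if (d[i] != 0xFF) return 0;                    // a marker must start here
        std::uint8_t m = d[i + 1];
        if (m == 0xFF) { ++i; continue; }              // fill byte before a marker
        i += 2;
        if (m == 0xD9) return i;                       // EOI: image data ends here
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) continue;  // no length field
        if (i + 1 >= d.size()) return 0;
        std::size_t len = (std::size_t(d[i]) << 8) | d[i + 1];
        if (len < 2 || i + len > d.size()) return 0;   // truncated segment
        i += len;
        if (m != 0xDA) continue;
        // After SOS: skip entropy-coded data (FF00 = stuffing, FFD0-D7 = restart).
        while (i + 1 < d.size() && !(d[i] == 0xFF && d[i + 1] != 0x00 &&
                                     (d[i + 1] < 0xD0 || d[i + 1] > 0xD7)))
            ++i;
    }
    return 0;                                          // ran out of data before EOI
}

enum class Verdict { NotJpeg, Benign, Malicious };
// Malicious means HTML-like tags were found in the bytes that follow EOI.
Verdict classify(const Bytes& d) {
    std::size_t end = jpeg_end(d);
    if (end == 0) return Verdict::NotJpeg;
    std::string tail(d.begin() + end, d.end());
    for (char& c : tail) c = char(std::tolower(static_cast<unsigned char>(c)));
    for (const char* tag : {"<html", "<script", "<iframe", "<form"})  // assumed list
        if (tail.find(tag) != std::string::npos) return Verdict::Malicious;
    return Verdict::Benign;
}

// Constructed sample: valid marker layout only, not a decodable picture.
Bytes sample(const std::string& trailer) {
    Bytes d = {0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'J','F', 0xFF,0xDA,0x00,0x02,
               0x12,0xFF,0x00,0x34,0xFF,0xD0,0x56, 0xFF,0xD9};
    d.insert(d.end(), trailer.begin(), trailer.end());
    return d;
}
```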


You need a C++ compiler installed. The following libraries are used:

 * libjpeg
 * libjsoncpp

Tools needed for the building process:

 * pkg-config

Just type make to build dewebjector.


Type at the command line

     dewebjector <file1> ...

It prints one line per file, giving the file name and whether the file
is malicious or benign.


The following features should be implemented:

 * Detect if file is really an image.
 * Provide better detection method for image files.
 * Analyse structure of an image file.
 * Needs more detection levels (unknown, suspicious, benign,
   malicious, error, etc.)