{SyncShield}

Detect CVE-2018-5764 Vulnerabilities Locally in Rsync Commands

See SyncShield in Action

Watch how SyncShield detects unsafe commands and secures your data transfer in real-time.

Rsync & CVE-2018-5764

Understand how Rsync works — and why missing --protect-args can lead to remote command execution.

What is Rsync?

Rsync is a powerful utility for file synchronization between systems, commonly used for backups, mirroring, and remote transfers.

rsync -av /source/ user@host:/destination/

-a: Archive mode
-v: Verbose output

CVE-2018-5764 Explained

This vulnerability occurs when Rsync is executed without --protect-args. User input can be interpreted as shell commands on the destination server.

Danger: Remote command execution → full server control

Unsafe Command

rsync -av /src user@host:/dest

⚠️ Missing --protect-args → Risk of command injection

Secure Command

rsync -av --protect-args /src user@host:/dest

✅ With --protect-args → Safe transfer

Network Diagram

Source Client: Sends Rsync command
Network: Transmits securely via SSH
Destination: Executes received commands

Key Features

All-in-one Rsync security assistant — detect, analyze, and secure your commands instantly.

Rsync Argument Analyzer

Scans for missing --protect-args and other risky syntax.

Unsafe Input Detection

Identifies shell-injectable patterns in user commands.

Real-Time Alerts

Notifies you instantly when unsafe parameters are detected.

Mitigation Guidance

Shows clear fixes and secure examples for each issue.

Offline Usage

Runs locally without Internet — full privacy guaranteed.

User-Friendly Interface

Clean and intuitive dashboard for quick command checks.

Install SyncShield Extension

Get started in minutes — follow these quick setup steps.

Download SyncShield (.zip)

Download the SyncShield Extension using the button above.

Unzip the downloaded file into a folder on your computer.

Open your browser (Chrome / Edge / Brave).

Go to chrome://extensions/ and enable Developer Mode.

Click Load unpacked and select the extracted folder.

The SyncShield icon will now appear in your extensions toolbar!

Step-by-Step Command Builder Guide

Learn how SyncShield helps you create secure rsync commands while preventing argument-injection attacks.

1. Launch the Extension

Click the SyncShield icon in your browser toolbar to open the main dashboard.

2. Open the Command Builder

Go to the Command Builder tab to safely create your rsync command.

3. Select Source and Destination

Source: [Source Path]
Destination: [Username]@[Host's IP]:Destination Path

4. Choose Security Options

Select Rsync options to enhance performance and security during command building.

-a (Archive): Keeps file structure, permissions, and timestamps.
-v (Verbose): Displays detailed transfer progress in terminal.
-z (Compress): Reduces data size during transfer for speed.
--progress: Shows live transfer updates in real-time.
--checksum: Verifies data integrity to ensure accurate sync.
--protect-args: Prevents command injection by sanitizing filenames.

5. Build and Preview the Command

rsync -avz --protect-args /home/kali/Desktop/project/ user@192.168.1.105:/backup/

6. Copy or Execute Securely

Once verified, copy the command or send it to the backend for safe execution.

7. Receive Security Alerts

If a dangerous pattern or missing flag is detected, you’ll receive a real-time alert in the GUI.

About Us

MUHAMMAD NUR FAIZ BIN AHMAD FAUZI

Project Manager & Testing Lead

ID: NWS23070251

WAN MUHAMMAD AFIFUDDIN BIN WAN AHMAD

Backend & Functionality Developer

ID: NWS23070157

WALEED ADAM BIN RIZA FAROUK

Frontend & UI/UX Developer

ID: NWS23070265

ROSHAZNE ELIA BINTI MOHD ROSHIDI

Security Analyst & Resource Coordinator

ID: NWS23070105

Project Details

Supervisor: Sir Amir Hakeem

Intake: July 2023

Course: CID

Group: FYPG3 NWS129/23B

Objective: Develop a browser extension that detects CVE-2018-5764 vulnerabilities in Rsync commands.