Protect Your Service from Malicious File Uploads
Nightwatch scans uploaded files for web shells, disguised executables, and malicious documents before they reach your storage. Add protection with a single API call.
What a WAF Can't Catch
A WAF inspects HTTP request patterns (SQL injection, XSS). But when a user uploads a PHP web shell disguised as a JPEG through a perfectly normal POST request, the WAF sees nothing wrong. Nightwatch inspects the file content itself.
Web Shell Upload
PHP/JSP shells disguised as images — the #1 server compromise vector
Disguised Executables
ELF/PE binaries with .jpg/.pdf extensions
Malicious Documents
Office macros, PDF exploits, polyglot files
Cryptominers
Mining binaries uploaded via vulnerable endpoints
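The kind of content inspection described above, as an added example. This is not Nightwatch's detection logic, which this page does not show; the signature table, the script-tag pattern and the name `inspect_upload` are assumptions made for the illustration. It compares a file's leading bytes with its claimed extension and looks for server-side script tags inside image or PDF uploads.

```python
import re

# Well-known magic bytes for the executable formats named above.
EXECUTABLE_MAGIC = {b"\x7fELF": "ELF executable", b"MZ": "PE executable"}

# Expected leading bytes per upload extension (assumed allow-list for this example).
EXPECTED_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}

# Server-side script openers (PHP, JSP) that should never appear in an image or PDF.
SCRIPT_TAG = re.compile(rb"<\?php|<%@\s*page", re.IGNORECASE)


def inspect_upload(filename: str, data: bytes) -> list:
    """Return findings for one upload; an empty list means nothing was flagged."""
    findings = []
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in EXPECTED_MAGIC:
        return findings  # extension outside this example's allow-list: not judged here

    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            findings.append(f"{label} with {ext} extension")
    if not data.startswith(EXPECTED_MAGIC[ext]):
        findings.append(f"content does not match {ext} signature")
    # A valid image header does not rule out an embedded script (polyglot file).
    if SCRIPT_TAG.search(data):
        findings.append(f"server-side script tag inside {ext} file")
    return findings


# Constructed sample inputs: file headers padded with zero bytes, no real payloads.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    "avatar.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"<?php /* placeholder */ ?>",
    "report.pdf": b"\x7fELF" + b"\x00" * 32,
    "scan.png": b"MZ" + b"\x00" * 32,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {inspect_upload(name, blob) or 'no findings'}")
```

A finding is a reason to reject the file or send it for deeper scanning. The script-tag heuristic can also match legitimate PDFs that quote PHP source.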
Integration Methods
Agent Install (5 min)
Install on server, monitors upload directories automatically. No code changes.
API Integration (30 min)
Add scan API call before saving uploaded files. Works with any language.
AWS EB / Docker (next deploy)
Add config file to your deployment package. Auto-installs on deploy.
Method 1: Agent Install
One command. No code changes. Works on any Linux server.
```bash
curl -sL https://install.aientrophy.com/agent | sudo bash -s -- --key YOUR_API_KEY
```
Method 2: API Integration
Add a scan call before your upload logic. If the file is malicious, reject it.
Endpoint
POST https://nightwatch.aientrophy.com/api/v1/scan
Response
```
{
  "status": "clean",     // "clean" | "suspicious" | "malicious"
  "malware_name": null,  // malware name if detected
  "severity": null,      // "critical" | "high" | "medium" | "low"
  "ai_analysis": "..."   // AI explanation
}
```
Code Examples
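```php
// Scan the uploaded temp file before moving it to permanent storage.
$ch = curl_init('https://nightwatch.aientrophy.com/api/v1/scan');
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTPHEADER => ['x-api-key: YOUR_API_KEY'],
    CURLOPT_POSTFIELDS => ['file' => new CURLFile($tmp_path)],
]);
$raw = curl_exec($ch);
// Fail-open: on a transport error or unparsable body, $result is null and the upload proceeds.
$result = is_string($raw) ? json_decode($raw, true) : null;
if (is_array($result) && ($result['status'] ?? null) === 'malicious') {
    die('Upload blocked: malware detected');
}
```

```javascript
// Node 18+: fetch, FormData and Blob are globals. Run inside an async function.
const form = new FormData();
form.append('file', new Blob([fileBuffer]), filename);
let status = null;
try {
  const res = await fetch('https://nightwatch.aientrophy.com/api/v1/scan', {
    method: 'POST',
    headers: { 'x-api-key': 'YOUR_API_KEY' },
    body: form,
  });
  ({ status } = await res.json());
} catch (err) {
  // Fail-open: scanner unreachable or response not JSON, allow the upload.
  console.warn('Nightwatch scan skipped:', err.message);
}
if (status === 'malicious') {
  throw new Error('Upload blocked: malware detected');
}
```

```python
import httpx

status = None
try:
    resp = httpx.post(
        'https://nightwatch.aientrophy.com/api/v1/scan',
        headers={'x-api-key': 'YOUR_API_KEY'},
        files={'file': (filename, file_bytes)},
        timeout=30,
    )
    status = resp.json().get('status')
except (httpx.HTTPError, ValueError):
    # Fail-open: scanner unreachable or response not JSON, allow the upload.
    pass
if status == 'malicious':
    raise Exception('Upload blocked: malware detected')
```

```java
// Inside a Spring controller method; `file` is the uploaded MultipartFile.
MultiValueMap<String, Object> body = new LinkedMultiValueMap<>();
body.add("file", new ByteArrayResource(file.getBytes()) {
    @Override public String getFilename() { return file.getOriginalFilename(); }
});
HttpHeaders headers = new HttpHeaders();
headers.set("x-api-key", "YOUR_API_KEY");
try {
    ResponseEntity<Map> resp = restTemplate.exchange(
        "https://nightwatch.aientrophy.com/api/v1/scan",
        HttpMethod.POST, new HttpEntity<>(body, headers), Map.class);
    if (resp.getBody() != null && "malicious".equals(resp.getBody().get("status")))
        return ResponseEntity.badRequest().body("Malware detected");
} catch (RestClientException e) {
    // Fail-open: scanner unreachable or error response, continue with the upload.
}
```

```go
// Inside a function that returns error. Imports: bytes, encoding/json, errors, mime/multipart, net/http.
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
part, _ := writer.CreateFormFile("file", filename)
part.Write(fileBytes)
writer.Close()
req, _ := http.NewRequest("POST",
    "https://nightwatch.aientrophy.com/api/v1/scan", body)
req.Header.Set("x-api-key", "YOUR_API_KEY")
req.Header.Set("Content-Type", writer.FormDataContentType())
resp, err := http.DefaultClient.Do(req)
if err != nil {
    return nil // Fail-open: scanner unreachable, allow the upload.
}
defer resp.Body.Close()
var result struct {
    Status string `json:"status"`
}
if json.NewDecoder(resp.Body).Decode(&result) == nil && result.Status == "malicious" {
    return errors.New("upload blocked: malware detected")
}
```

Error Handling: Fail-Open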
If the Nightwatch API is unreachable, allow the upload. A security tool should never break your service availability. All code examples follow this principle.
Performance Impact
| File Size | Local Scan | With Cloud AI |
|---|---|---|
| < 1 MB | ~50ms | ~8s |
| 1–10 MB | ~200ms | ~12s |
| 10–50 MB | ~1s | ~20s |
Cloud AI is only invoked for suspicious files. Clean files pass through local scan in milliseconds.