External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added long single line PHP code pattern

Browse Source 
One common tactic is to shove all of your PHP code into a single line, often contained within its own PHP tags, and drop it into any .php file that you want.  This pattern should detect if more than 750 characters are contained within PHP tags on a single line.
This commit is contained in:
nichogenius
2017-08-15 12:03:19 -06:00
committed by GitHub
parent ab8a6c471a
commit 19589b8311
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
patterns_re.txt
View File

@@ -29,3 +29,7 @@ chr\s*\(\s*['"]?\s*((95)|(0[Xx]5[Ff]))\s*['"]?\s*\)
#Detects generic base64 strings longer than 260 characters enclosed in quotes ending with 0-3 '=' chars. #Detects generic base64 strings longer than 260 characters enclosed in quotes ending with 0-3 '=' chars.
#260 was a threshold chosen because strings of 256 characters are common enough. Might increase later to reduce false positives. #260 was a threshold chosen because strings of 256 characters are common enough. Might increase later to reduce false positives.
['"][A-Za-z0-9+\/]{260,}={0,3}['"] ['"][A-Za-z0-9+\/]{260,}={0,3}['"]
#Detects long single lines contained within PHP tags.
#We can increase from 750 later if we need to.
^.*<\?php.{750,}\?>.*$