External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'composer'

Browse Source
This commit is contained in:
Gabor Gyorvari
2018-03-06 19:59:24 +01:00
parent 4149728e2b 4485b48e52
commit 76d1a6f7d8
2 changed files with 127 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
composer.json Normal file
View File

@@ -0,0 +1,13 @@
{
"name": "scr34m/php-malware-scanner",
"type": "library",
"description": "Scans PHP files for malwares and known threats",
"keywords": ["malware", "scanner", "commandline"],
"license": "GPL-3.0",
"homepage": "https://github.com/scr34m/php-malware-scanner",
"require": {
"php": ">=5.2.0"
},
"autoload": {
}
}

156
scan.php
View File

@@ -26,7 +26,7 @@ class MalwareScanner
private $ANSI_OFF = "\033[0m";
private $dir = '';
private $extension = array ('.php');
private $extension = array('.php');
private $flagBase64 = false;
private $flagChecksum = false;
private $flagComments = false;
@@ -35,7 +35,8 @@ class MalwareScanner
private $flagNoStop = false;
private $flagPattern = false;
private $flagTime = false;
private $extraCheck = false;
private $flagExtraCheck = false;
private $flagFollowSymlink = false;
private $whitelist = array();
private $ignore = array();
private $stat = array(
@@ -43,7 +44,6 @@ class MalwareScanner
'files_scanned' => 0,
'files_infected' => 0,
);
private $followSymlink = false;
//Pattern File Attributes
private $patterns_raw = array();
@@ -52,14 +52,28 @@ class MalwareScanner
private $patterns_b64functions = array();
private $patterns_b64keywords = array();
//Constructor - Likes to do as little as possible.
public function __construct()
/**
* MalwareScanner constructor.
*
* @param bool $cli defines its calling from commandline or using as a library, default is true
*/
public function __construct($cli = true)
{
//Read Run Options
$this->parseArgs();
if ($cli === true) {
//Read Run Options
$this->parseArgs();
//Initiate Scan
$this->run($this->dir);
//Make sure a directory was specified.
if ($this->dir === '') {
$this->error('No directory specified');
exit(-1);
}
//Initiate Scan
if (!$this->run($this->dir)) {
exit(-1);
}
}
}
//Allows the -n/--no-color flag to easily remove color characters.
@@ -79,7 +93,6 @@ class MalwareScanner
echo $this->ANSI_RED . 'Error: ' . $msg . $this->ANSI_OFF . PHP_EOL;
$this->showHelp();
echo PHP_EOL . $this->ANSI_RED . 'Quiting' . PHP_EOL;
exit(-1);
}
//Handles pattern loading and saving to the class object
@@ -98,7 +111,7 @@ class MalwareScanner
//Adds additional checks to patterns_raw
//This may be something to move into a pattern file rather than leave hardcoded.
if ($this->extraCheck) {
if ($this->flagExtraCheck) {
$this->patterns_raw['googleBot'] = '# ';
$this->patterns_raw['htaccess'] = '# ';
}
@@ -203,61 +216,121 @@ class MalwareScanner
if (!is_array($a)) {
$a = array($a);
}
$this->extension = array();
foreach ($a as $ext) {
if ($ext[0] != '.') {
$ext = '.' . $ext;
}
$this->extension[] = strtolower($ext);
}
$this->setExtensions($a);
}
if (isset($options['ignore']) || isset($options['i'])) {
$tmp = isset($options['ignore']) ? $options['ignore'] : $options['i'];
$this->ignore = is_array($tmp) ? $tmp : array($tmp);
$this->setIgnore(is_array($tmp) ? $tmp : array($tmp));
}
//Simple Flag Options
if (isset($options['all-output']) || isset($options['a'])) {
$this->flagChecksum = true;
$this->flagComments = true;
$this->flagPattern = true;
$this->flagTime = true;
$this->setFlagChecksum(true);
$this->setFlagComments(true);
$this->setFlagPattern(true);
$this->setFlagTime(true);
}
if (isset($options['base64']) || isset($options['b'])) {
$this->flagBase64 = true;
$this->setFlagBase64(true);
}
if (isset($options['checksum']) || isset($options['m'])) {
$this->flagChecksum = true;
$this->setFlagChecksum(true);
}
if (isset($options['comment']) || isset($options['c'])) {
$this->flagComments = true;
$this->setFlagComments(true);
}
if (isset($options['extra-check']) || isset($options['x'])) {
$this->extraCheck = true;
$this->setFlagExtraCheck(true);
}
if (isset($options['follow-symlink']) || isset($options['l'])) {
$this->followSymlink = true;
$this->setFlagFollowSymlink(true);
}
if (isset($options['hide-ok']) || isset($options['k'])) {
$this->flagHideOk = true;
$this->setFlagHideOk(true);
}
if (isset($options['hide-whitelist']) || isset($options['w'])) {
$this->flagHideWhitelist = true;
$this->setFlagHideWhitelist(true);
}
if (isset($options['no-color']) || isset($options['n'])) {
$this->disableColor();
}
if (isset($options['no-stop']) || isset($options['s'])) {
$this->flagNoStop = true;
$this->setFlagNoStop(true);
}
if (isset($options['pattern']) || isset($options['p'])) {
$this->flagPattern = true;
$this->setFlagPattern(true);
}
if (isset($options['time']) || isset($options['t'])) {
$this->flagTime = true;
$this->setFlagTime(true);
}
}
public function setExtensions(array $a)
{
$this->extension = array();
foreach ($a as $ext) {
if ($ext[0] != '.') {
$ext = '.' . $ext;
}
$this->extension[] = strtolower($ext);
}
}
public function setIgnore(array $a)
{
$this->ignore = $a;
}
public function setFlagChecksum($b)
{
$this->flagChecksum = $b;
}
public function setFlagComments($b)
{
$this->flagComments = $b;
}
public function setFlagPattern($b)
{
$this->flagPattern = $b;
}
public function setFlagTime($b)
{
$this->flagTime = $b;
}
public function setFlagBase64($b)
{
$this->flagBase64 = $b;
}
public function setFlagExtraCheck($b)
{
$this->flagExtraCheck = $b;
}
public function setFlagFollowSymlink($b)
{
$this->flagFollowSymlink = $b;
}
public function setFlagHideOk($b)
{
$this->flagHideOk = $b;
}
public function setFlagHideWhitelist($b)
{
$this->flagHideWhitelist = $b;
}
public function setFlagNoStop($b)
{
$this->flagNoStop = $b;
}
// @see http://stackoverflow.com/a/13914119
private function pathMatches($path, $pattern, $ignoreCase = false)
{
@@ -370,7 +443,7 @@ class MalwareScanner
if ($this->isIgnored($dir . $file)) {
continue;
}
if (!$this->followSymlink && is_link($dir . $file)) {
if (!$this->flagFollowSymlink && is_link($dir . $file)) {
continue;
}
if (is_dir($dir . $file)) {
@@ -401,17 +474,13 @@ class MalwareScanner
//Validates the input directory
//Calls the load pattern and load whitelist functions
//Calls the process and report functions.
private function run($dir)
public function run($dir)
{
//Make sure a directory was specified.
if ($this->dir === '') {
$this->error('No directory specified');
}
//Make sure the input is a valid directory path.
$dir = rtrim($dir, '/');
if (!is_dir($dir)) {
$this->error('Specified path is not a directory: ' . $dir);
return false;
}
//Load Patterns
@@ -423,6 +492,7 @@ class MalwareScanner
$start = time();
$this->process($dir . '/');
$this->report($start, $dir . '/');
return true;
}
//Loads target file contents for scanning
@@ -531,5 +601,7 @@ class MalwareScanner
}
//Creates a new MalwareScanner object which does all the work.
new MalwareScanner();
// script it's self called and not included
if (isset($argv[0]) && realpath($argv[0]) == realpath(__FILE__)) {
new MalwareScanner();
}