mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Minor README update
This commit is contained in:
13
README.md
13
README.md
@@ -45,9 +45,9 @@ Patterns
|
|||||||
|
|
||||||
There are three main pattern files the cover different types of pattern matching. There is one pattern per line. All lines where the very first character is a "`#`" is considered a comment and not used as a pattern. Whitespace in the pattern files is not used.
|
There are three main pattern files the cover different types of pattern matching. There is one pattern per line. All lines where the very first character is a "`#`" is considered a comment and not used as a pattern. Whitespace in the pattern files is not used.
|
||||||
|
|
||||||
* `-patterns_raw.txt` - Raw string matching
|
* `patterns_raw.txt` - Raw string matching
|
||||||
* `-patterns-iraw.txt` - Case insensitive raw string matching
|
* `patterns-iraw.txt` - Case insensitive raw string matching
|
||||||
* `-patterns-re.txt`- Regular expression matching.
|
* `patterns-re.txt`- Regular expression matching.
|
||||||
|
|
||||||
Whitelisting
|
Whitelisting
|
||||||
------------
|
------------
|
||||||
@@ -62,17 +62,12 @@ Tools
|
|||||||
Takes a plaintext string as input and returns 3 base64 string equivalents.
|
Takes a plaintext string as input and returns 3 base64 string equivalents.
|
||||||
Python script that needs to be executed from the terminal to be used.
|
Python script that needs to be executed from the terminal to be used.
|
||||||
|
|
||||||
Marking as executable is required.
|
|
||||||
```
|
|
||||||
~$ chmod +x text2base64.py
|
|
||||||
```
|
|
||||||
|
|
||||||
It is worth noting that the presence of one of the three output strings in a block of text does not 100% guarantee that the string was
|
It is worth noting that the presence of one of the three output strings in a block of text does not 100% guarantee that the string was
|
||||||
present in the original code. It is guaranteed that IF the subject string was present in the original code, then one of the three
|
present in the original code. It is guaranteed that IF the subject string was present in the original code, then one of the three
|
||||||
output strings will be present in the base64 version.
|
output strings will be present in the base64 version.
|
||||||
|
|
||||||
```
|
```
|
||||||
./text2base64.py 'base64_decode'
|
$ python tools/text2base64.py 'base64_decode'
|
||||||
YmFzZTY0X2RlY29kZ
|
YmFzZTY0X2RlY29kZ
|
||||||
Jhc2U2NF9kZWNvZG
|
Jhc2U2NF9kZWNvZG
|
||||||
iYXNlNjRfZGVjb2Rl
|
iYXNlNjRfZGVjb2Rl
|
||||||
|
|||||||
Reference in New Issue
Block a user