External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Output formatting argument

Browse Source
This commit is contained in:
Gabor Gyorvari
2018-09-05 13:01:21 +02:00
parent d17d6c01ba
commit f9647806c8
2 changed files with 91 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
README.md
View File

@@ -31,6 +31,7 @@ Usage: php scan.php -d <directory>
-p --pattern Show Patterns next to the file name
-t --time Show time of last file change
--line-number Display matching pattern line number in file
--output-format Custom defined output format
```
Ignore argument could be used multiple times and accept glob style matching ex.: "`cache*`", "`??-cache.php`" or "`/cache`" etc.
@@ -38,8 +39,22 @@ Ignore argument could be used multiple times and accept glob style matching ex.:
Extension argument defaults to "`.php`" and also can be used multiple times too.
* `--base64` is an alternative scan mode which ignores the main pattern files and uses a large list of php keywords and functions that have been converted to base64. Slower and prone to false positives, but gives additional base64 scanning coverage. These pattern files are located in base64_patterns and were derived from php 7 keywords and functions. Not many PHP extensions are included.
* `--comment` flag will display the last comment to appear in the pattern file before the matched pattern, so documenting the pattern files is important.
* `--pattern` flag will display the pattern string that was matched.
* `--comment` flag will display the last comment to appear in the pattern file before the matched pattern, so documenting the pattern files is important.
Output formatting
-----------------
Default output depending on the specified parameters, but the full format is "%S %T %M # {%F} %C %P # %L" and using ANSI coloring too.
Possible variables are:
* `%S` - matching indicator, possible values are OK, ER, WL
* `%T` - file change time
* `%M` - file md5 hash value
* `%F` - file with path
* `%P` - pattern
* `%C` - pattern comment
* `%L` - matching pattern line number
Patterns
--------
@@ -56,7 +71,7 @@ Whitelisting
See [whitelist.txt](https://github.com/scr34m/php-malware-scanner/blob/master/whitelist.txt) file for a predefined MD5 hash list. Only the first 32 characters are used, rest of the line ignored so feel free to leave a comment.
Tools
---------
-----
**text2base64.py**