External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
85 Commits 2 Branches 32 Tags
2b9bfa4037e5b56cc71bb21e512a6c022ca04f42
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
nichogenius 2b9bfa4037 Updated with new Usage Information 
Updated with new Usage Information - Mostly just new flags.
2017-08-20 13:10:34 -06:00
b64p.py
this is not a bug... just fixing a bad bug fix
2017-07-28 06:33:07 -06:00
LICENSE.txt
Fix LICENSE file
2017-02-22 13:58:07 +01:00
patterns_iraw.txt
obfuscat is too common, causes fp's
2017-07-28 03:16:19 -06:00
patterns_raw.txt
added b64 pattern for 'require'
2017-08-19 17:05:23 -06:00
patterns_re.txt
Added comment lines for each regex
2017-08-19 17:24:04 -06:00
php_functions.txt
Renamed to match naming conventionsi
2017-07-31 12:35:01 -06:00
php_keywords.txt
Copied comments from php_functions.php
2017-07-31 12:38:27 -06:00
README.md
Updated with new Usage Information
2017-08-20 13:10:34 -06:00
scan.php
2 typos = 1 fixed bug
2017-08-19 22:29:23 -06:00
whitelist.txt
Two-key sorting is better
2017-07-25 23:50:42 -06:00

README.md

PHP malware scanner

Traversing directories for files with php extensions and testing files against text or regexp rules, the rules based on self gathered samples and publicly vailable malwares/webshells. The goal is to find infected files and fight against kiddies, because to easy to bypass rules.

How to use?

Usage: php scan.php -d <directory>
    -h                   --help             Show this help message
    -d <directory>       --directory        Directory for searching
    -e <file extension>  --extension        File Extension to Scan
    -i <directory|file>  --ignore           Directory of file to ignore
    -a                   --all-output       Enables --checksum,--comment,--pattern,--time
    -b                   --base64           Scan for base64 encoded PHP keywords
    -m                   --checksum         Display MD5 Hash/Checksum of file
    -c                   --comment          Display comments for matched patterns
    -x                   --extra-check      Adds GoogleBot and htaccess to Scan List
    -l                   --follow-symlink   Follow symlinked directories
    -k                   --hide-ok          Hide results with 'OK' status
    -w                   --hide-whitelist   Hide results with 'WL' status
    -n                   --no-color         Disable color mode
    -s                   --no-stop          Continue scanning file after first hit
    -p                   --pattern          Show Patterns next to the file name
    -t                   --time             Show time of last file change

Ignore argument could be used multiple times and accept glob style matching ex.: "cache*", "??-cache.php" or "/cache" etc.

Patterns

There are two different pattern source, each line in these files is a patter so patterns_raw.txt lines searched as-is, patterns_re.txt used with preg_match function.

Whitelisting

See whitelist.txt file for a predefined MD5 hash list. Only the first 32 characters are used, rest of the line ignored so feel free to leave a comment.

Resources

Licensing

PHP malware scanner is licensed under the GNU General Public License v3.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
command-line-toolmalwarephpscanner
Readme 20 MiB
Languages
PHP 95%
Python 4.4%
Dockerfile 0.6%