From 4eeaee75bad00614ee52ed7b6a5ca9e2c6a9ab05 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD <malin@cenusa.me>
Date: Thu, 27 Dec 2018 12:14:59 +0100
Subject: [PATCH] changed scores

---
 scan.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scan.py b/scan.py
index 3e90e41..dd8f375 100644
--- a/scan.py
+++ b/scan.py
@@ -198,7 +198,7 @@ scoring = {
   'BASE64_STRING':            (50, u'base64 string found'),
   'CRYPT_PHP':                (50, u'CryptoPHP inclusion for social.png'),
   'PHP_SHELL':                (50, u'Shell Script'),
-  'PHP_OBFUSC_SHELL':         (50, u'Obfuscated Shell Script'),
+  'PHP_OBFUSC_SHELL':         (9, u'Obfuscated Shell Script'),
   'ACCESS_DENIED':            (-30, u'Early block execution'),
   'JAVASCRIPT_HACK':          (50, u'Javascript'),
   'HAS_EVAL':                 (2, u'Has eval()'),
@@ -575,7 +575,7 @@ def is_hacked(filename):
         score.append(('MANY_LINES3', '%i lines' % line_num))
 
     # Shell super bien caché, toutes les lignes ont la même longueur
-    if len(first_lines) > 12 and line_num < 30  and first_lines[0] == '<?php' and \
+   if len(first_lines) > 12 and line_num < 30  and first_lines[0] == '<?php' and \
             len(first_lines[1]) == len(first_lines[2]) == len(first_lines[3]) == len(first_lines[4]) == len(first_lines[5]) == len(first_lines[6]) == len(first_lines[7]) == len(first_lines[8]) and len(first_lines[3]) > 40 and first_lines[3][0] == ' ':
         score.append(('PHP_OBFUSC_SHELL', ''))