Traversing directories for files with php extensions and testing files against text or regexp rules, the rules based on self gathered samples and publicly vailable malwares/webshells. The goal is to find infected files and fight against kiddies, because to easy to bypass rules.
$ php ./scan.php -h
Usage scan.php -d <directory> [-e=.php] [--hide-ok] [--hide-whitelist]
-d Directory for searching
-e=.php Extension
--hide-ok Hide OK aka not infected messages
--hide-whitelist Hide whitelisted messages
--extra-check Adds GoogleBot and htaccess to Scan List.
See whitelist.txt file for a predefined MD5 hash list. Only the first 32 characters are used, rest of the line ignored so feel free to leave a comment.
- PHPScanner
- PMF - PHP Malware Finder
- check regexp online
- malware samples 1
- malware samples 2
- malware samples 3
PHP malware scanner is licensed under the GNU General Public License v3.