This repository has been archived by the owner on Jan 19, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 10
A simple script that scans a webserver for suspicious looking php files
License
micahflee/php_backdoor_scanner
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
PHP Backdoor Scanner This is a quick and dirty scanner I wrote to search a web server for traces of PHP backdoors or other malware, since they're so common, especially on sites that use open source content management systems like WordPress, Drupal, and Joomla. I wrote it php, but it's meant to be run on a cron job, not a web browser. Edit the configuration section at the beginning of php_backdoor_scanner.php to configure it. $config['target_dir'] is the root folder that gets scanned $config['output_file'] is the name of the file that it outputs to $config['false_positives_file'] is an optional file with a list of filenames that come up as suspicious but should be ignored by the scanner $config['email'] is an optional email address that will get sent an email if any suspicious files are found When you run the backdoor scanner, it recursively searches your target directory for php files. When it finds them, it searches them for a list of things that look suspiciously like they could be malware, like the "c99shell" or "eval(base64(". When it finds them, it saves their filenames to your output file, and at the end of the scan sends you an email. You should run it as root if you're scanning files in several different user's home directories. Also, beneath the configuration section of php_backdoor_scanner.php is an array of suspicious strings. Feel free to add your own strings to that list. But remember, the more vague the string, the more false positives you'll get. Wishlist: - instead of using an array of strings, use regex
About
A simple script that scans a webserver for suspicious looking php files
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published