Skip to content
This repository has been archived by the owner on Jan 19, 2022. It is now read-only.

A simple script that scans a webserver for suspicious looking php files

License

Notifications You must be signed in to change notification settings

micahflee/php_backdoor_scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PHP Backdoor Scanner

This is a quick and dirty scanner I wrote to search a web server for traces of PHP backdoors or other malware, since they're so common, especially on sites that use open source content management systems like WordPress, Drupal, and Joomla. I wrote it php, but it's meant to be run on a cron job, not a web browser.

Edit the configuration section at the beginning of php_backdoor_scanner.php to configure it.

$config['target_dir'] is the root folder that gets scanned
$config['output_file'] is the name of the file that it outputs to
$config['false_positives_file'] is an optional file with a list of filenames that come up as suspicious but should be ignored by the scanner
$config['email'] is an optional email address that will get sent an email if any suspicious files are found

When you run the backdoor scanner, it recursively searches your target directory for php files. When it finds them, it searches them for a list of things that look suspiciously like they could be malware, like the "c99shell" or "eval(base64(". When it finds them, it saves their filenames to your output file, and at the end of the scan sends you an email.

You should run it as root if you're scanning files in several different user's home directories.

Also, beneath the configuration section of php_backdoor_scanner.php is an array of suspicious strings. Feel free to add your own strings to that list. But remember, the more vague the string, the more false positives you'll get.

Wishlist:
- instead of using an array of strings, use regex

About

A simple script that scans a webserver for suspicious looking php files

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages