PHP Malware scanner

(Traversing directories for files with php extensions and testing files against text or regexp rules, the rules based on self gathered samples and publicly available malwares/webshells. The goal is to find infected files and fight against kiddies, because to easy to bypass rules. )

Klasörleri ve dizinlerin için deki php dosyaların içeriğini kurallarla kontrol edip dosyanın içerisinde zararlı yazılımlar shell/malwarez/backdoor gibi sorunlar için sizi bilgilendirir. Yara’nın alternatifi olarak değil de biraz daha basit bir yazılımı olarak düşünülebilir.

Yüklemek / İnstall : composer global require scr34m/php-malware-scanner

Usage: php scan.php -d <directory>
-h –help Show this help message
-d <directory> –directory Directory for searching
-e <file extension> –extension File Extension to Scan
-E –scan-everything Scan all files, with or without extensions
-i <directory|file> –ignore Directory of file to ignore
-a –all-output Enables –checksum,–comment,–pattern,–time
-b –base64 Scan for base64 encoded PHP keywords
-m –checksum Display MD5 Hash/Checksum of file
-c –comment Display comments for matched patterns
-x –extra-check Adds GoogleBot and htaccess to Scan List
-l –follow-symlink Follow symlinked directories
-k –hide-ok Hide results with ‘OK’ status
-w –hide-whitelist Hide results with ‘WL’ status
-n –no-color Disable color mode
-s –no-stop Continue scanning file after first hit
-p –pattern Show Patterns next to the file name
-t –time Show time of last file change
-L –line-number Display matching pattern line number in file
-o –output-format Custom defined output format
-j –wordpress-version Version of wordpress to get md5 signatures
–combined-whitelist Combined whitelist
–disable-stats Disable statistics output

Örnek Kullanım (example use):

php scan.php -d /home/xxx/public_html -E -k -l -b -w