Detects potentially malicious PHP files. The regex rules are based on https://github.com/jvoisin/php-malware-finder by jvoisin (thanks to him). On top of those rules, this tool also flags suspicious names in string and variable tokens.
Version: 1.03-beta
Requires: PHP >= 5.3
php mw.php [directory] [-R] [-i] [-lw [whitelistName]]
- -R : Recursive
- -i : Ignore. Don't prompt the user when a rule is broken
- -lw : Learn and whitelist
php mw.php ../WordPress/ -R
Scans the directory ../WordPress recursively and asks the user for an action whenever a broken rule is detected.
php mw.php ../WordPress/ -R -i
Scans the directory ../WordPress recursively but skips the prompt. This gives an overall view of the results.
php mw.php ../phpmyadmin/ -R -lw "phpmyadmin 4.1"
Scans the ../phpmyadmin/ directory, which is considered safe, and whitelists the files that break the standard rules under the "phpmyadmin 4.1" whitelist. See "whitelisted.json".
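The following is an added example and not code from mw.php or php-malware-finder. It sketches, in PHP 5.3-compatible code, the three checks the usage above refers to: skipping files whose hash is already whitelisted, applying regex signature rules, and flagging suspicious variable/string names. The rule names, the regexes, the suspicious-name list and the sample inputs are all assumptions constructed for the example.

```php
<?php
// Added example, not mw.php's own code. It sketches the three checks this
// README describes: skip files whose hash is whitelisted, apply regex
// signature rules in the php-malware-finder style, and flag suspicious
// variable/string names. Every rule and list below is an assumption.

// Assumed: regex signatures keyed by an invented rule name.
$rules = array(
    'ObfuscatedEval'    => '/\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(/i',
    'SilencedSerialize' => '/@\s*(un)?serialize\s*\(/i',
    'CallableFromInput' => '/\$\w+\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b/i',
);

// Assumed: substrings that rarely show up in legitimate identifiers or strings.
$suspiciousNames = array('webshell', 'backdoor', 'c99', 'r57');

// Scan one PHP source string and return the broken rules and flagged names.
// $whitelistedHashes plays the role of the sha list kept for whitelisted files.
function scanSource($source, array $rules, array $suspiciousNames, array $whitelistedHashes)
{
    if (in_array(sha1($source), $whitelistedHashes, true)) {
        return array(); // learned as safe earlier: nothing to report
    }
    $findings = array();
    foreach ($rules as $name => $regex) {
        if (preg_match($regex, $source) === 1) {
            $findings[] = 'rule:' . $name;
        }
    }
    // Tokenising instead of grepping keeps comments and keywords out of the name check.
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue;
        }
        if ($token[0] !== T_VARIABLE && $token[0] !== T_CONSTANT_ENCAPSED_STRING) {
            continue;
        }
        $text = strtolower(trim($token[1], '$\'"'));
        foreach ($suspiciousNames as $bad) {
            if (strpos($text, $bad) !== false) {
                $findings[] = 'name:' . $token[1];
                break;
            }
        }
    }
    return array_values(array_unique($findings));
}

// Constructed samples (not real files): one benign snippet and one that shows
// the obfuscated-eval pattern the rules above look for.
$clean   = '<?php echo htmlspecialchars($_GET["q"]); ?>';
$suspect = '<?php $webshell = $_POST["c"]; @eval(base64_decode($webshell)); ?>';

$whitelist = array();
print_r(scanSource($clean, $rules, $suspiciousNames, $whitelist));
print_r(scanSource($suspect, $rules, $suspiciousNames, $whitelist));

// Equivalent of "-lw": record the hash of a reviewed file so later scans skip it.
$whitelist[] = sha1($suspect);
print_r(scanSource($suspect, $rules, $suspiciousNames, $whitelist));
```

Run with `php example.php`: the first scan returns an empty array, the second reports the ObfuscatedEval rule and the `$webshell` variable, and the third returns an empty array again because the file's hash has been whitelisted. The name check works on tokens rather than on the raw text so that a word inside a comment or a keyword does not trigger it, which is the reason a tokenizer is preferable to a plain grep for this kind of rule.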
Contains all the trigrams learned in safe files and whitelisted variable/string names.
Contains all the malware signature and rules.
Contains all the sha computed for whitelisted files.
- v1.03-beta : Fix a bug with the whitelist. Add a rule for silenced serialize calls.
- v1.02-beta : Add a progress bar when ignore (or learn) mode is activated.
- v1.01-beta : Add quarantine and quit commands to the user prompt.
- Undo quarantine
- Whitelist some PHP frameworks: Laravel, Zend, Drupal, Symfony, etc.
- Send email for CRON process
- Error handling with throw
- Ignore some rules
- etc.