PHP Malware Finder
_______ __ __ _______ | ___ || |_| || | | | | || || ___| | |___| || || |___ Webshell finder, | ___|| || ___| kiddies hunter, | | | ||_|| || | website cleaner. |___| |_| |_||___| Detect potentially malicious PHP files.
What does it detect?
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells.
The following list of encoders/obfuscators/webshells are also detected:
- Best PHP Obfuscator
- Cipher Design
- Joes Web Tools Obfuscator
- Php Obfuscator Encode
- cobra obfuscator
How does it work?
How to use it?
$ ./phpmalwarefinder -h Usage phpmalwarefinder [-cfhw] <file|folder> ... -c Optional path to a configuration file -f Fast mode -h Show this help message -v Verbose mode
Or if you prefer to use
$ yara -r ./malwares.yara /var/www
PHP-malware-finder is licensed under the GNU General Public License v3.
The amazing YARA project is licensed under the Apache v2.0 license.
Patches, whitelists or samples are of course more than welcome.