Skip to content
Go to file


Failed to load latest commit information.
Latest commit message
Commit time

March 2019: Commercial malware scanner now available

The opensource malware scanner is no longer maintained as of 2018. However, my company Sansec BV now offers a commercial scanner + signature subscription called eComscan. It contains another 12,000 private signatures, and is updated 24/7 with new threat intel.

Looking to resolve or prevent a breach? Download your copy here and get one month free using coupon "MWSCAN".


  • Best & fastest detection. eComscan is usually weeks ahead of other anti-virus solutions.
  • Quickly identify malicious code, Magecart & supply chain attacks
  • Continuous monitoring of files and databases.
  • Finds vulnerabilities & insecure extensions.
  • Get instant and actionable alerts.
  • Supports Magento 1, Magento 2, Prestashop, Shopware and Woocommerce.

Sample command line scan

Sample CLI scan output

Sample report

Sample GUI scan output

Who uses it?

I originally created MageReport, which kickstarted my research into online skimming. Besides MageReport, my scanning technology is currently recommended by Magento and used by the US Department of Homeland Security, the Magento Marketplace, Magereport, the Mage Security Council and many others.

About payment skimming and Magecart

Online payment skimming (aka "MageCart") is a large threat to digital stores. Since I first published about it in 2015, I have identified more than 40.000 compromised stores. In most cases, malware is inserted that will a) intercept customer data, b) divert payments or c) uses your customers for cryptojacking.

You can’t perform that action at this time.