A PHP script, designed to be run by a cron job, which detects files which have been added, deleted or modified since the previous execution of the script. Sends emails with a summary of changes. Great for detecting malicious activity (hacking, unauthorised access other hacker actions).
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



Need to know if your server-based files have changed? If new files have been added, or files have been deleted? Whether as part of your routine checks, or as remedial action after your server has been compromised, Tripwire can be used to check for changes in your file system and provide a simple list of those files which have been added, deleted or modified since the last time you ran Tripwire.

How to use Tripwire

Simply upload these files to your webserver where they can be viewed through a web browser or triggered via SSH. Then do so. Tripwire will create an index of all the files it can detect, and a hash of their contents.

The next time you access or trigger Tripwire (or have a Cron job do the same), that index will be checked and compared to the new list of files and hashes and the differences will be shown.


Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Exceptions: Tripwire can be used as part of a Commercial action (such as by an IT specialist who is investigating an attack on a server, etc.) but cannot be packaged and sold as a product.