rukov Posted October 11, 2015

Detect potentially malicious PHP files.

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells.

The following list of encoders/obfuscators/webshells are also detected:

- Best PHP Obfuscator
- Carbylamine
- Cipher Design
- Cyklodev
- Joes Web Tools Obfuscator
- Php Obfuscator Encode
- SpinObf
- Weevely3
- atomiku
- cobra obfuscator
- phpencode
- webtoolsvn

How does it work?

Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it's that simple!

How to use it?

    $ ./phpmalwarefinder -h
    Usage phpmalwarefinder [-cfhw] <file|folder> ...
        -c  Optional path to a configuration file
        -f  Fast mode
        -h  Show this help message
        -v  Verbose mode

Download: https://github.com/nbs-system/php-malware-finder

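Added example, not part of the original post and not php-malware-finder's own code: a small Python sketch of the "crawl the filesystem and test each file against a rule set" approach described above. The regex signatures stand in for YARA rules and are constructed for illustration, as are the sample files that demo() writes to a temporary directory.

```python
import re
import tempfile
from pathlib import Path

RULES = {  # constructed stand-in signatures, not php-malware-finder's YARA rules
    "dynamic_eval": re.compile(rb"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "exec_on_request_input": re.compile(rb"\b(?:system|passthru|shell_exec|exec)\s*\(\s*\$_(?:GET|POST|REQUEST)\b", re.I),
    "long_encoded_blob": re.compile(rb"[A-Za-z0-9+/=]{500,}"),
}
PHP_SUFFIXES = {".php", ".phtml", ".inc"}


def scan_file(path, max_bytes=2 * 1024 * 1024):
    """Return the sorted names of the rules that match the file's first max_bytes."""
    with open(path, "rb") as handle:
        data = handle.read(max_bytes)
    return sorted(name for name, rx in RULES.items() if rx.search(data))


def scan_tree(root):
    """Crawl root and map each flagged PHP file (relative path) to its matched rules."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.suffix.lower() not in PHP_SUFFIXES or path.is_symlink() or not path.is_file():
            continue  # only regular files with a PHP-like extension are tested
        try:
            hits = scan_file(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the crawl
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def demo():
    """Build a constructed sample tree in a temporary directory and scan it."""
    samples = {
        "index.php": b"<?php echo 'hello'; ?>",
        "uploads/img.php": b"<?php eval(base64_decode($_POST['x'])); ?>",
        "cache/c.php": b"<?php $d = '" + b"QUJD" * 200 + b"'; ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(tmp)
```

Calling scan_tree() on a web root returns a dict of relative paths and the rule names that fired; a hit means the file deserves a manual look, not that it is confirmed malicious.
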
cristi007 Posted October 14, 2015

How do I install it in cmd?? The commands?? Or how do I give it the scan commands??

rukov Posted October 14, 2015

Do you need glasses?

    $ ./phpmalwarefinder -h
    Usage phpmalwarefinder [-cfhw] <file|folder> ...

meh Posted February 26, 2016

The README states that the goal is to detect stupid webshells, not to catch shiny APTs. And by the way, the bypass has been fixed.

sweed29 Posted May 6, 2016

I usually use maldet (Linux Malware Detect) or CXS (on the servers where I have a paid license for that tool). In principle they do roughly the same thing and use clamscan to identify certain viruses. Of course, each program has its own detection engine, but they are not 100% infallible. It has happened to me many times that infected sites (especially WordPress ones) were reported as clean after being scanned with both programs. That is where find + grep and other similar attempts came in, until the problem was finally discovered. If you know of other Linux tools for this kind of thing, I look forward to your suggestions!

sweed29 Posted May 20, 2016

Yes, that's correct! That software runs on Linux (any distro).