rukov Posted October 11, 2015

Detect potentially malicious PHP files.

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells.

The following encoders/obfuscators/webshells are also detected: Best PHP Obfuscator, Carbylamine, Cipher Design, Cyklodev, Joes Web Tools Obfuscator, Php Obfuscator Encode, SpinObf, Weevely3, atomiku, cobra obfuscator, phpencode, webtoolsvn.

How does it work?

Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it's that simple!

How to use it?

$ ./phpmalwarefinder -h
Usage phpmalwarefinder [-cfhw] <file|folder> ...
    -c  Optional path to a configuration file
    -f  Fast mode
    -h  Show this help message
    -v  Verbose mode

Download: https://github.com/nbs-system/php-malware-finder
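The crawl-and-match approach described in the first post, as an added example that is not part of the thread or of php-malware-finder's own code. Plain regular expressions stand in for the project's YARA rules, and the rule names, extension list, size cap and sample files are all constructed for illustration.

```python
import os
import re
import tempfile

# Constructed, simplified signatures standing in for YARA rules (assumption).
RULES = {
    "eval_of_decoded_data": re.compile(
        rb"(?i)\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "long_encoded_blob": re.compile(rb"[A-Za-z0-9+/]{400,}"),
}
PHP_EXTENSIONS = (".php", ".phtml", ".inc")
MAX_BYTES = 5 * 1024 * 1024  # cap per-file reads so huge files cannot stall the scan

def scan_file(path):
    """Return the names of all rules that match the file's first MAX_BYTES."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_BYTES)
    except OSError:
        return []  # unreadable file: skip it rather than abort the crawl
    return [name for name, rx in RULES.items() if rx.search(data)]

def scan_tree(root):
    """Crawl root and map each flagged PHP file (relative path) to its rule hits."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            if not filename.lower().endswith(PHP_EXTENSIONS) or os.path.islink(path):
                continue
            hits = scan_file(path)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    samples = {  # constructed sample files; the encoded string decodes to a harmless echo
        "wp-content/uploads/cache.php": b'<?php eval(base64_decode("ZWNobyAiaGkiOw==")); ?>',
        "lib/blob.php": b"<?php $d = '" + b"QUJD" * 150 + b"'; ?>",
        "index.php": b'<?php echo base64_decode($row["avatar"]); ?>',  # benign use
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

The benign index.php is not flagged because base64_decode on its own matches neither signature; only the decode-then-eval pattern and the oversized encoded blob are reported.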
cristi007 Posted October 14, 2015

How do I install it in cmd?? The commands?? Or how do I give it the scan commands??
rukov (Author) Posted October 14, 2015

Do you need glasses?

$ ./phpmalwarefinder -h
Usage phpmalwarefinder [-cfhw] <file|folder> ...
meh Posted February 26, 2016

The README states that the goal is to detect stupid webshells, not to catch shiny APTs. And by the way, the bypass has been fixed.
sweed29 Posted May 6, 2016

I usually use maldet (Linux Malware Detect) or CXS (on the servers where I have a paid license for that tool). In principle they do roughly the same thing and use clamscan to identify certain viruses. Of course, each program has its own detection engine, but they are not 100% infallible. It has happened to me many times that infected sites (especially WordPress ones) were reported as clean after being scanned with both programs. That is where find + grep and other similar attempts came in, until the problem was finally discovered.

If you know other Linux tools for this kind of thing, I look forward to your suggestions!
sweed29 Posted May 20, 2016

Yes, that's correct! That software runs on Linux (any distro).