Jump to content

PHP Malware Finder

Recommended Posts

Detect potentially malicious PHP files.

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells.

The following list of encoders/obfuscators/webshells are also detected:

Best PHP Obfuscator


Cipher Design


Joes Web Tools Obfuscator

Php Obfuscator Encode




cobra obfuscator



How does it work?

Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it's that simple!

How to use it?

$ ./phpmalwarefinder -h

Usage phpmalwarefinder [-cfhw] <file|folder> ...

-c Optional path to a configuration file

-f Fast mode

-h Show this help message

-v Verbose mode

Download https://github.com/nbs-system/php-malware-finder

  • Upvote 2

Share this post

Link to post
Share on other sites

Eu de obicei folosesc maldet (Linux Malware Detect) sau CXS (pe serverele pe care am licenta platita pentru acel tool). In principiu fac cam acelasi lucru si folosesc clamscan-ul pentru a identifica anumiti virusi. Desigur fiecare program are propriul engine de detectie insa nu sunt 100% infailibile.


Am patit-o de multe ori sa existe site-uri infectate (in special wordpress-uri) care in urma scanarii cu ambele programe au raportat ca sunt curate. Aici a intervenit find + grep si alte incercari similare pana cand in final a fost descoperita problema.


Daca stiti alte tool-uri de linux pentru asa ceva, astept sugestiile voastre!

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...