How To Detect Potentially Malicious PHP Files?
Here is a tool called PHP-malware-finder, by nbs-system.
What does it detect?
PHP-malware-finder does its very best to detect obfuscated/dodgy code, as well as files using PHP functions often used in malware/webshells.
The following encoders/obfuscators/webshells are also detected:
- Best PHP Obfuscator
- Carbylamine
- Cipher Design
- Cyklodev
- Joes Web Tools Obfuscator
- Php Obfuscator Encode
- SpinObf
- Weevely3
- atomiku
- cobra obfuscator
- phpencode
- webtoolsvn
How does it work?
Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it's that simple!
How to use it?
$ ./phpmalwarefinder -h
Usage phpmalwarefinder [-cfhw] <file|folder> ...
-c Optional path to a configuration file
-f Fast mode
-h Show this help message
-v Verbose mode
Or if you prefer to use yara:
$ yara -r ./malwares.yara /var/www
Download