How To Detect Potentially Malicious PHP Files
Thursday, 24 September 2015
PHP-malware-finder, a tool by nbs-system, is built for this.
What does it detect?
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells.
The following encoders, obfuscators and webshells are also detected:
- Best PHP Obfuscator
- Carbylamine
- Cipher Design
- Cyklodev
- Joes Web Tools Obfuscator
- Php Obfuscator Encode
- SpinObf
- Weevely3
- atomiku
- cobra obfuscator
- phpencode
- webtoolsvn
How does it work?
Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it's that simple!
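The crawl-and-match loop described above, as an added example that is not PHP-malware-finder's own code. It swaps YARA for plain Python regular expressions so it runs without extra packages; the rule names, patterns, file extensions and sample files are all constructed for illustration.

```python
import os
import re
import tempfile

# Constructed signatures in the spirit of YARA string rules. These are
# assumptions for illustration, not the project's rule set and not YARA syntax.
RULES = {
    "eval_of_decoded_data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "exec_on_request_input": re.compile(rb"\b(system|passthru|shell_exec|exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long_encoded_literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}
PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumed extension list

def scan_file(path, max_bytes=2_000_000):
    """Return the sorted names of the rules matching the file's first max_bytes."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    return sorted(name for name, rx in RULES.items() if rx.search(data))

def scan_tree(root):
    """Walk root without following symlinks; return {path: [rule names]} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            if not name.lower().endswith(PHP_EXTENSIONS) or os.path.islink(path):
                continue
            try:
                matched = scan_file(path)
            except OSError:
                continue  # unreadable file: skip it and keep crawling
            if matched:
                hits[path] = matched
    return hits

def demo():
    """Write a small constructed web root to a temp directory and scan it."""
    samples = {  # constructed sample files; the eval payload decodes to "echo 1;"
        "index.php": b"<?php echo 'hello'; ?>",
        "uploads/thumb.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "lib/cache.inc": b"<?php $d = '" + b"QUJD" * 60 + b"'; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return {os.path.relpath(p, root).replace(os.sep, "/"): r for p, r in scan_tree(root).items()}
```

Calling demo() returns the two flagged files with the rule that matched each; a hit is a lead for manual review, since legitimate code can also contain long encoded strings.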
How to use it?
$ ./phpmalwarefinder -h
Usage phpmalwarefinder [-cfhw]
-c Optional path to a configuration file
-f Fast mode
-h Show this help message
-v Verbose mode
Or if you prefer to use yara:
$ yara -r ./malwares.yara /var/www