PHP Malware Scanner Free Tool: Scan PHP files to find malicious code

Recommend this page to a friend!
  Info   View files View files (70)   DownloadInstall with Composer Download .zip   Reputation   Support forum (3)   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2021-07-19 (1 month ago) RSS 2.0 feedStarStarStarStar 69%Total: 936 This week: 2All time: 3,797 This week: 88Up
Version License PHP version Categories
php-antimalware-scan 0.10.1Free for non-comm...5PHP 5, Files and Folders, Console, Se...
Description Author

This package can scan PHP files to find malicious code.

It provides a text terminal console interface to scan files in a given directory and find PHP code files the seem to contain malicious code.

The package can also scan the PHP files without outputting anything to the terminal console. In that case the results are stored in a log file.

Picture of Marco Cesarato
  Performance   Level  
Name: Marco Cesarato <contact>
Classes: 9 packages by
Country: Italy Italy
Innovation award
Innovation award
Nominee: 2x

Details

<div align="center">

Version

<h1 align="center">PHP Antimalware Scanner</h1>

Version Requirements Code Style License GitHub

If this project helped you out, please support us with a star :star:

Documentation

</div>

Description

PHP Antimalware Scanner is a free tool to scan PHP files and analyze your project to find any malicious code inside it.

It provides an interactive text terminal console interface to scan a file, or all files in a given directory (file paths can be also be managed using --filter-paths or --ignore-paths), and find PHP code files that seem to contain malicious code. When a probable malware is detected, will be asked what action to take (like add to whitelist, delete files, try clean infected code etc...).

The package can also scan the PHP files in a report mode (--report|-r), so without interact and outputting anything to the terminal console. In that case the results will be stored in a report file in html (default) or text format (--report-format <format>).

This scanner can work on your own php projects and on a lot of others platform using the right combinations of configurations (ex. using --lite|-l flag can help to find less false positivity).

:warning: *Remember that you will be solely responsible for any damage to your computer system or loss of data that results from such activities. You are solely responsible to adequate protection and backup of the data before execute the scanner.*

How to contribute

Have an idea? Found a bug? Please raise to ISSUES or PULL REQUEST. Contributions are welcome and are greatly appreciated! Every little bit helps.

:blue_book: Requirements

  • php 5.5+ - php-xml - php-zip - php-mbstring - php-json - php-common - php-curl - php-gd

:book: Install

Release

You can use one of this method to install the scanner downloading it from github or directly from console.

Download

Go on GitHub page and press on Releases tab or download the raw file from:

Download

Console

  1. Run this command from console (scanner will be download on your current directory):

    `wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner --no-check-certificate`

  2. Run the scanner:

    `php scanner ./dir-to-scan -l ...`

  3. (Optional) Install as bin command (Unix Bash)

    Run this command:

     wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner --no-check-certificate -O /usr/bin/awscan.phar && \
     printf "#!/bin/bash\nphp /usr/bin/awscan.phar \$@" > /usr/bin/awscan && \
     chmod u+x,g+x /usr/bin/awscan.phar && \
     chmod u+x,g+x /usr/bin/awscan && \
     export PATH=$PATH":/usr/bin"
    

    Now you can run the scanner simply with this command: `awscan ./dir-to-scan -l...`

Source

Download

Click on GitHub page "Clone or download" or download from:

Download

Git

  1. Install git
  2. Copy the command and link from below in your terminal: `git clone https://github.com/marcocesarato/PHP-Antimalware-Scanner`
  3. Change directories to the new `~/PHP-Antimalware-Scanner` directory: `cd ~/PHP-Antimalware-Scanner/`
  4. To ensure that your master branch is up-to-date, use the pull command: `git pull https://github.com/marcocesarato/PHP-Antimalware-Scanner`
  5. Enjoy

:whale: Docker

  1. Download the source
  2. Build command `docker build --tag amwscan-docker .`
  3. Run command `docker run -it --rm amwscan-docker bash`

:mag_right: Scanning mode

The first think you need to decide is the strength, you need to calibrate your scan to find less false positive as possible during scanning without miss for real malware. For this you can choose the aggression level.

The scanner permit to have some predefined modes:

| Mode | Alias | ? | Description | | --------------------------- | ----- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | None&nbsp;(default) | | ? | Search for all functions, exploits and malware signs without any restrictions | | Only&nbsp;exploits | -e | ? | Search only for exploits definitions<br />Use flag: --only-exploits | | Lite&nbsp;mode | -l | ? | Search for exploits with some restrictions and malware signs (on Wordpress and others platform could detect less false positivity)<br />Use flag: --lite | | Only&nbsp;functions | -f| ? | Search only for functions (on some obfuscated code functions couldn't be detected) <br />Use flag: --only-functions | | Only&nbsp;signatures | -s | ? | Search only for malware signatures (could be a good solution for Wordpress and others platform to detect less false positivity)<br />Use flag: --only-signatures |

:computer: Usage

Command line

php amwscan ./mywebsite/http/ -l -s --only-exploits
php amwscan -s --max-filesize="5MB"
php amwscan -s -logs="/user/marco/scanner.log"
php amwscan --lite --only-exploits
php amwscan --exploits="double_var2" --functions="eval, str_replace"
php amwscan --ignore-paths="/my/path/.log,/my/path//cache/*"

To check all options check the Documentation

Suggestions

If you are running the scanner on a Wordpress project or other popular platform use --only-signatures or --lite flag to have check with less false positive but this could miss some dangerous exploits like nano.

Programmatically

On programmatically silent mode and auto skip are automatically enabled.

use AMWScan\Scanner;

$app = new Scanner();
$report = $app->setPathScan("my/path/to/scan")
              ->enableBackups()
              ->setPathBackups("/my/path/backups")
              ->enableLiteMode()
              ->setAutoClean()
              ->run();

Report Object

object(stdClass) (7) {
  ["scanned"]    => int(0)
  ["detected"]   => int(0)
  ["removed"]    => array(0) {}
  ["ignored"]    => array(0) {}
  ["edited"]     => array(0) {}
  ["quarantine"] => array(0) {}
  ["whitelist"]  => array(0) {}
}

:art: Screenshots

Report

> HTML report format (default)

Screen Report

Interactive CLI

Screen Full

  Files folder image Files  
File Role Description
Files folder image.github (1 directory)
Files folder imagebin (6 files)
Files folder imagedist (2 files)
Files folder imagedocs (6 files, 3 directories)
Files folder imageimages (4 files)
Files folder imagesrc (11 files, 5 directories)
Accessible without login Plain text file .changelog Example Example script
Accessible without login Plain text file .php-cs-fixer.php Example Example script
Accessible without login Plain text file CHANGELOG.md Data Auxiliary data
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file composer.lock Data Auxiliary data
Accessible without login Plain text file Dockerfile Data Auxiliary data
Accessible without login Plain text file LICENSE Lic. License text
Accessible without login Plain text file README.md Doc. Documentation
Accessible without login Plain text file TODO.md Data Auxiliary data

  Files folder image Files  /  .github  
File Role Description
Files folder imageworkflows (1 file)

  Files folder image Files  /  .github  /  workflows  
File Role Description
  Accessible without login Plain text file php.yml Data Auxiliary data

  Files folder image Files  /  bin  
File Role Description
  Accessible without login Plain text file build Example Example script
  Accessible without login Plain text file fix-cs Data Auxiliary data
  Accessible without login Plain text file fix-cs-all Data Auxiliary data
  Accessible without login Plain text file lint Data Auxiliary data
  Accessible without login Plain text file pre-commit Data Auxiliary data
  Accessible without login Plain text file run Data Auxiliary data

  Files folder image Files  /  dist  
File Role Description
  Plain text file scanner Class Class source
  Accessible without login Plain text file version Data Auxiliary data

  Files folder image Files  /  docs  
File Role Description
Files folder imagedocs (7 files, 1 directory)
Files folder imagesrc (1 directory)
Files folder imagestatic (1 directory)
  Accessible without login Plain text file babel.config.js Data Auxiliary data
  Accessible without login Plain text file docusaurus.config.js Data Auxiliary data
  Accessible without login Plain text file package.json Data Auxiliary data
  Accessible without login Plain text file README.md Doc. Documentation
  Accessible without login Plain text file sidebars.js Data Auxiliary data
  Accessible without login Plain text file yarn.lock Data Auxiliary data

  Files folder image Files  /  docs  /  docs  
File Role Description
Files folder imageextras (4 files)
  Accessible without login Plain text file getting-started.md Data Auxiliary data
  Accessible without login Plain text file how-contribute.md Data Auxiliary data
  Accessible without login Plain text file how-update.md Data Auxiliary data
  Accessible without login Plain text file install.md Data Auxiliary data
  Accessible without login Plain text file intro.md Data Auxiliary data
  Accessible without login Plain text file options.md Data Auxiliary data
  Accessible without login Plain text file requirements.md Data Auxiliary data

  Files folder image Files  /  docs  /  docs  /  extras  
File Role Description
  Accessible without login Plain text file build.md Data Auxiliary data
  Accessible without login Plain text file programmatically.md Data Auxiliary data
  Accessible without login Plain text file tests.md Data Auxiliary data
  Accessible without login Plain text file _category_.json Data Auxiliary data

  Files folder image Files  /  docs  /  src  
File Role Description
Files folder imagecss (1 file)

  Files folder image Files  /  docs  /  src  /  css  
File Role Description
  Accessible without login Plain text file custom.css Data Auxiliary data

  Files folder image Files  /  docs  /  static  
File Role Description
Files folder imageimg (2 files)

  Files folder image Files  /  docs  /  static  /  img  
File Role Description
  Accessible without login Image file favicon.ico Data Auxiliary data
  Accessible without login Image file logo.png Icon Icon image

  Files folder image Files  /  images  
File Role Description
  Accessible without login Image file favicon.png Icon Icon image
  Accessible without login Image file logo.png Icon Icon image
  Accessible without login Image file screenshot_full.png Data Auxiliary data
  Accessible without login Image file screenshot_report.png Data Auxiliary data

  Files folder image Files  /  src  
File Role Description
Files folder imageAbstracts (1 file)
Files folder imageConsole (5 files, 1 directory)
Files folder imageInterfaces (1 file)
Files folder imageModules (1 file)
Files folder imageTemplates (3 files)
  Plain text file Actions.php Class Class source
  Plain text file Cache.php Class Class source
  Plain text file CodeMatch.php Class Class source
  Plain text file Deobfuscator.php Class Class source
  Plain text file Exploits.php Class Class source
  Plain text file Functions.php Class Class source
  Accessible without login Plain text file index.php Example Example script
  Plain text file Modules.php Class Class source
  Plain text file Path.php Class Class source
  Plain text file Scanner.php Class Class source
  Plain text file Signatures.php Class Class source

  Files folder image Files  /  src  /  Abstracts  
File Role Description
  Plain text file SingletonAbstract.php Class Class source

  Files folder image Files  /  src  /  Console  
File Role Description
Files folder imageFonts (6 files)
  Plain text file Argument.php Class Class source
  Plain text file Argv.php Class Class source
  Plain text file CLI.php Class Class source
  Plain text file Figlet.php Class Class source
  Plain text file Flag.php Class Class source

  Files folder image Files  /  src  /  Console  /  Fonts  
File Role Description
  Accessible without login Plain text file ansishadow.flf Data Auxiliary data
  Accessible without login Plain text file basic.flf Data Auxiliary data
  Accessible without login Plain text file colossal.flf Data Auxiliary data
  Accessible without login Plain text file rozzo.flf Data Auxiliary data
  Accessible without login Plain text file smkeyboard.flf Data Auxiliary data
  Accessible without login Plain text file stop.flf Data Auxiliary data

  Files folder image Files  /  src  /  Interfaces  
File Role Description
  Plain text file VerifierInterface.php Class Class source

  Files folder image Files  /  src  /  Modules  
File Role Description
  Plain text file Wordpress.php Class Class source

  Files folder image Files  /  src  /  Templates  
File Role Description
  Accessible without login HTML file Report.html Doc. Documentation
  Plain text file Report.php Class Class source
  Plain text file Table.php Class Class source

 Version Control Unique User Downloads Download Rankings  
 100%
Total:936
This week:2
All time:3,797
This week:88Up
 User Ratings  
 
 All time
Utility:83%StarStarStarStarStar
Consistency:91%StarStarStarStarStar
Documentation:91%StarStarStarStarStar
Examples:100%StarStarStarStarStarStar
Tests:-
Videos:-
Overall:69%StarStarStarStar
Rank:422
  
For more information send a message to info at phpclasses dot org.