Malicious
A simple, lightweight framework to detect potentially suspicious/malicious PHP code and a few other common sources of problems. Fully extensible with plugin (Check & Report) support...
@copyright Ackwa.fr - 2014
Usage
via HTTP
http://mydomain.com/Malicious/index.php?s=mysecretkey
via CLI
php index.php -s=mysecretkey
Plugins
Active plugins are defined in `config.php` via the `MCS_PLUGINS` (Check) and `MCS_REPORTS` (Report) constants:
define('MCS_PLUGINS' , 'readable,big');
define('MCS_REPORTS' , 'echo');
You can declare more than one configuration:
define('MCS_PLUGINS_1' , 'readable,exec,eval');
define('MCS_REPORTS_1' , 'echo,log');
And use this new configuration with the `c` and `r` parameters:
http://mydomain.com/Malicious/index.php?s=mysecretkey&c=1&r=1
Check Plugins
| Name | Description |
|---|---|
| readable | Check if files are readable |
| writable | Check if files are writable |
| updated | Check if files have been updated since last check |
| shelldb | Check PHP files against the PHP Shell Detector database |
| eval | Track PHP files with suspect "eval()" |
| exec | Track PHP files with exec(), system()... |
| longline | Track PHP files with very long lines |
| big | Track big files and files larger than "post_max_size" |
| hidden | Track hidden files and directories (.xxx) |
| empty | Track empty files |
| cms | In progress |
| image | In progress |
| syntax | In progress |
| metrics | In progress |
| change | In progress |
| footprint | In progress |
| perm | In progress |
| token | In progress |
| ini | In progress |
| htaccess | In progress |
| mime | In progress |
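
The idea behind the `eval`, `exec` and `longline` checks in the table above, as an added PHP example; it is not code from Malicious, and the function names, the list of risky calls and the 1000-byte line threshold are assumptions. It uses PHP's tokenizer so that names appearing only in strings or comments, and method calls such as `$db->exec()`, are not flagged.

```php
<?php
// Added example, not Malicious's own code; names, call list and threshold are assumptions.
const RISKY_CALLS = ['exec', 'system', 'passthru', 'shell_exec', 'popen', 'proc_open'];

// Nearest token before/after index $i ($step = -1 or 1), skipping whitespace and comments.
function neighbour(array $tokens, int $i, int $step)
{
    for ($j = $i + $step; isset($tokens[$j]); $j += $step) {
        $t = $tokens[$j];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $t;
        }
    }
    return null;
}

function scan_php_source(string $code, int $maxLine = 1000): array
{
    $found = [];
    foreach (preg_split('/\R/', $code) as $line) {
        if (strlen($line) > $maxLine) {
            $found['longline'] = true;
        }
    }
    // Tokenizing means names inside strings and comments never match.
    $tokens = token_get_all($code);
    foreach ($tokens as $i => $tok) {
        if (is_array($tok) && $tok[0] === T_EVAL) {
            $found['eval'] = true;
        } elseif (is_array($tok) && $tok[0] === T_STRING && in_array(strtolower($tok[1]), RISKY_CALLS, true)) {
            $prev = neighbour($tokens, $i, -1);
            $member = is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
            // Flag a plain call only: name followed by "(", not a method or a declaration.
            if (!$member && neighbour($tokens, $i, 1) === '(') {
                $found['exec'] = true;
            }
        }
    }
    return array_keys($found);
}

$samples = [ // constructed inputs
    'plain'  => "<?php echo 'eval() and system() are only text here'; // exec('x')\n",
    'pdo'    => "<?php \$db->exec('DELETE FROM t');\n",
    'eval'   => "<?php eval(\$code);\n",
    'shell'  => "<?php System (\$cmd);\n",
    'packed' => "<?php \$d = '" . str_repeat('A', 2000) . "';\n",
];
foreach ($samples as $n => $s) { printf("%-8s %s\n", $n, implode(',', scan_php_source($s)) ?: '-'); }
```

Variable function calls and backtick execution are not covered by these checks.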
Report Plugins
| Name | Description |
|---|---|
| echo | Display results to browser / screen |
| log | Log results in malicious.log |
| | Send results via e-mail |
| html | In progress |
| | In progress |
| sms | In progress |
| Analytics | In progress |
Resources
inspiration
Security information
- How to Tell if Your PHP Site has been Hacked or Compromised
- Exploitable PHP functions
- Code injection – a simple PHP virus carried in a JPEG image
- Webshell
TODO
- More plugins
- Documentation
Disclaimer
This software is provided "as is" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. In no event shall the author be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the author has been advised of the possibility of such damages.