Security Tools Collection

[secure.directive]

As the question comes up often, here some tools to scan for possible malicious code or malware. Will update, as I find some time and maybe even add some examples / tutorials

PHP Security / Scanner Tools

1. PMF - https://github.com/nbs-system/php-malware-finder
2. RIPS - https://github.com/robocoder/rips-scanner
3. SonarPHP - https://github.com/SonarSource/sonar-php
4. Exakat - https://github.com/exakat/exakat-ce
5. Grabber - Python based - http://rgaucher.info/beta/grabber/
6. Local PHP Scanner - https://github.com/fabpot/local-php-security-checker or using the Symfony CLI-Tool https://symfony.com/download

WordPress Security Scanner

1. WPScan - https://github.com/wpscanteam/wpscan
   Can easily be installed using Homebrew / Deeper Scans using an API Key from WPScan (Free Key allows 25 scans per day)

Server Web Server Scanner

1. Nikto - https://github.com/sullo/nikto (brew install nikto)
2. Chkrootkit - http://www.chkrootkit.org/
3. Lynis - https://cisofy.com/downloads/lynis/