As the question comes up often, here are some tools to scan for possible malicious code or malware. Will update as I find some time, and maybe even add some examples / tutorials.
PHP Security / Scanner Tools
- PMF - https://github.com/nbs-system/php-malware-finder
- RIPS - https://github.com/robocoder/rips-scanner
- SonarPHP - https://github.com/SonarSource/sonar-php
- Exakat - https://github.com/exakat/exakat-ce
- Grabber - Python-based - http://rgaucher.info/beta/grabber/
- Local PHP Scanner - https://github.com/fabpot/local-php-security-checker or using the Symfony CLI-Tool https://symfony.com/download
- WPScan - https://github.com/wpscanteam/wpscan
  Can easily be installed using Homebrew. Deeper scans using an API key from WPScan (free key allows 25 scans per day).
- Nikto - https://github.com/sullo/nikto (brew install nikto)
- Chkrootkit - http://www.chkrootkit.org/
- Lynis - https://cisofy.com/downloads/lynis/