项目作者: krismas

项目描述 :
一个简单,轻量级的框架,用于检测潜在的可疑/恶意PHP代码以及其他一些公共问题的来源。完全可扩展的插件(检查和报告)支持...
高级语言: PHP
项目地址: git://github.com/krismas/Malicious.git
创建时间: 2014-08-18T12:44:20Z
项目社区:https://github.com/krismas/Malicious

开源协议:

下载


Malicious

A simple, lightweight framework to detect potential suspicious/malicious PHP Code and few other commons sources of problems. Fully extensible with plugins (Check & Report) support…

@copyright Ackwa.fr - 2014

Usage

via HTTP

  1. http://mydomain.com/Malicious/index.php?s=mysecretkey

via CLI

  1. php index.php -s=mysecretkey

Plugins

Active plugins are defined in config.phpviaMCS_PLUGINS(Check) andMCS_REPORTS` (Report) constants:

  1. define('MCS_PLUGINS' , 'readable,big');
  2. define('MCS_REPORTS' , 'echo');

You can declare more than one configuration :

  1. define('MCS_PLUGINS_1' , 'readable,exec,eval');
  2. define('MCS_REPORTS_1' , 'echo,log');

And use this new configuration with c and r parameters :

  1. http://mydomain.com/Malicious/index.php?s=mysecretkey&c=1&r=1

Check Plugins

Name Description
readable Check if files are readable
writable Check if files are writable
updated Check if files has been updated since last check
shelldb Track PHP files in regards of PHP Shell Detector database
eval Track PHP files with suspect “eval()”
exec Track PHP files with exec(), system()…
longline Track PHP files with very long lines
big Track big files and files larger “than post_max_size”
hidden Track hidden files and directories (.xxx)
empty Track empty files
cms In progress
image In progress
syntax In progress
metrics In progress
change In progress
footprint In progress
perm In progress
token In progress
ini In progress
htaccess In progress
mime In progress

Report Plugins

Name Description
echo Display results to browser / screen
log Log results in malicious.log
Mail Send results via e-mail
html In progress
pdf In progress
sms In progress
Analytics In progress

Resources

inspiration

Security informations

TODO

  • More plugins
  • Documentation

Disclaimer

This software is provided “as is” without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. In no event shall the author be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the author has been advised of the possibility of such damages.