一个简单,轻量级的框架,用于检测潜在的可疑/恶意PHP代码以及其他一些公共问题的来源。完全可扩展的插件(检查和报告)支持...
A simple, lightweight framework to detect potential suspicious/malicious PHP Code and few other commons sources of problems. Fully extensible with plugins (Check & Report) support…
@copyright Ackwa.fr - 2014
http://mydomain.com/Malicious/index.php?s=mysecretkey
php index.php -s=mysecretkey
Active plugins are defined in config.phpviaMCS_PLUGINS(Check) andMCS_REPORTS` (Report) constants:
define('MCS_PLUGINS' , 'readable,big');define('MCS_REPORTS' , 'echo');
You can declare more than one configuration :
define('MCS_PLUGINS_1' , 'readable,exec,eval');define('MCS_REPORTS_1' , 'echo,log');
And use this new configuration with c and r parameters :
http://mydomain.com/Malicious/index.php?s=mysecretkey&c=1&r=1
| Name | Description |
|---|---|
| readable | Check if files are readable |
| writable | Check if files are writable |
| updated | Check if files has been updated since last check |
| shelldb | Track PHP files in regards of PHP Shell Detector database |
| eval | Track PHP files with suspect “eval()” |
| exec | Track PHP files with exec(), system()… |
| longline | Track PHP files with very long lines |
| big | Track big files and files larger “than post_max_size” |
| hidden | Track hidden files and directories (.xxx) |
| empty | Track empty files |
| cms | In progress |
| image | In progress |
| syntax | In progress |
| metrics | In progress |
| change | In progress |
| footprint | In progress |
| perm | In progress |
| token | In progress |
| ini | In progress |
| htaccess | In progress |
| mime | In progress |
| Name | Description |
|---|---|
| echo | Display results to browser / screen |
| log | Log results in malicious.log |
| Send results via e-mail | |
| html | In progress |
| In progress | |
| sms | In progress |
| Analytics | In progress |
This software is provided “as is” without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. In no event shall the author be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the author has been advised of the possibility of such damages.