Popularity
0.6
Growing
Activity
0.0
Stable
6
2
0

Description

Finds code pieces, that looks like viruses/trojans inside php source code.

Programming language: Go
License: MIT License
Tags: Command Line     Code Analysis     CLI     PHP    

phpunisher alternatives and similar packages

Based on the "Code Analysis" category.
Alternatively, view phpunisher alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of phpunisher or a related project?

Add another 'Code Analysis' Package

README

Build Go Report Card Maintainability Test Coverage

License [Go Version](go.mod) Release

phpunisher

Finds code pieces, that looks like viruses/trojans inside php source code.

Tested on following public malware collections:

features

  • powered by great php-parser library
  • selected scanners run in parrallel
  • no signatures
  • fully customized detection rules

installation

usage

~# cd /to/your/php/code
~# phpunisher -report                  # to see report
~# phpunisher | xargs -d "\n" -n 1 rm  # to remove suspicios

or

~# phpunisher -dump-conf > my_rules.yaml
~# $EDITOR my_rules.yaml # edit to suit your needs
~# cd /to/your/php/code
~# phpunisher -conf /path/to/my_rules.yaml -report

flags

-conf string
    load scanners config from file
-dump-conf
    dump default scanners config to stdout
-mask string
    scan masks, use ';' as separator (default "*.php*")
-report
    show report for found suspects
-score float
    minimal score to threat file as suspect
-version
    show version
-workers int
    workers count (scan parallelism) (default 2)

scanners

  • array-call finds function calls from array elements
  • array-ops notifies if array operations amount is over 20% of all operations
  • escapes notifies if string literal has more than two escaped symbols
  • evals scans for eval expression
  • funcs scans againts 'bad function' list (based on this article)
  • include notifies if whole file is single include instruction
  • long-str notifies if string literal rather long (>64 chars) and does not contains any spaces (encoded blobs)


*Note that all licence references and agreements mentioned in the phpunisher README section above are relevant to that project's source code only.