secure.directive
Active member
- May 2, 2022
- 100
- 70
- 43
As the question comes up often, here some tools to scan for possible malicious code or malware. Will update, as I find some time and maybe even add some examples / tutorials 
PHP Security / Scanner Tools
PHP Security / Scanner Tools
- PMF - https://github.com/nbs-system/php-malware-finder
- RIPS - https://github.com/robocoder/rips-scanner
- SonarPHP - https://github.com/SonarSource/sonar-php
- Exakat - https://github.com/exakat/exakat-ce
- Grabber - Python based - http://rgaucher.info/beta/grabber/
- Local PHP Scanner - https://github.com/fabpot/local-php-security-checker or using the Symfony CLI-Tool https://symfony.com/download
- WPScan - https://github.com/wpscanteam/wpscan
Can easily be installed using Homebrew / Deeper Scans using an API Key from WPScan (Free Key allows 25 scans per day)
- Nikto - https://github.com/sullo/nikto (brew install nikto)
- Chkrootkit - http://www.chkrootkit.org/
- Lynis - https://cisofy.com/downloads/lynis/
Last edited:
