reorganized git repo

author: Julien "shaddai" Reveret 2015-10-08 17:44:47 +0200
committer: Mathieu Deous 2015-10-29 14:55:04 +0100
commit: ff0c609ce15299fcd0da5f5b471d3519495977ff (patch)
tree: b217ff3ed047ad0f63c4e39b8f400eebafa0d1a3 /README.md
parent: 1b88cf3b85d8e3225fb55526f53cbf4df75d9813 (diff)
1 files changed, 0 insertions, 69 deletions
diff --git a/README.md b/README.md
deleted file mode 100644
index 69d4e11..0000000
--- a/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# PHP Malware Finder
- ```
-  _______  __   __  _______
- |  ___  ||  |_|  ||       |
- | |   | ||       ||    ___|
- | |___| ||       ||   |___   Webshell finder,
- |    ___||       ||    ___|   kiddies hunter,
- |   |    | ||_|| ||   |                website cleaner.
- |___|    |_|   |_||___|
-Detect potentially malicious PHP files.
-```
-## What does it detect?
-PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells.
-The following list of encoders/obfuscators/webshells are also detected:
-* [Best PHP Obfuscator]( http://www.pipsomania.com/best_php_obfuscator.do )
-* [Carbylamine]( https://code.google.com/p/carbylamine/ )
-* [Cipher Design]( http://cipherdesign.co.uk/service/php-obfuscator )
-* [Cyklodev]( http://sysadmin.cyklodev.com/online-php-obfuscator/ )
-* [Joes Web Tools Obfuscator]( http://www.joeswebtools.com/security/php-obfuscator/ )
-* [Php Obfuscator Encode]( http://w3webtools.com/encode-php-online/ )
-* [SpinObf]( http://mohssen.org/SpinObf.php )
-* [Weevely3]( https://github.com/epinna/weevely3 )
-* [atomiku]( http://atomiku.com/online-php-code-obfuscator/ )
-* [cobra obfuscator]( http://obfuscator.uk/example/ )
-* [phpencode]( http://phpencode.org )
-* [webtoolsvn]( http://www.webtoolsvn.com/en-decode/ )
-## How does it work?
-Detection is performed by crawling the filesystem and testing files against a [set]( https://github.com/nbs-system/php-malware-finder/blob/master/malwares.yara )
-of [YARA](https://plusvic.github.io/yara/) rules. Yes, it's that simple!
-## How to use it?
-```
-$ ./phpmalwarefinder -h
-Usage phpmalwarefinder [-cfhw] <file|folder> ...
-        -c  Optional path to a configuration file
-        -f  Fast mode
-        -h  Show this help message
-        -v  Verbose mode
-```
-Or if you prefer to use `yara`:
-```
-$ yara -r ./malwares.yara /var/www
-```
-## Whitelisting
-Check the [whitelist.yara]( https://github.com/nbs-system/php-malware-finder/blob/master/whitelist.yara ) file.
-If you're lazy, you can generate whitelists for entire folders with the [generate_whitelist.py]( https://github.com/nbs-system/php-malware-finder/blob/master/generate_whitelist.py ) script.
-## Licensing
-PHP-malware-finder is [licensed]( https://github.com/nbs-system/php-malware-finder/blob/master/LICENSE ) under the GNU General Public License v3.
-The _amazing_ YARA project is licensed under the Apache v2.0 license.
-Patches, whitelists or samples are of course more than welcome.
author	Julien "shaddai" Reveret	2015-10-08 17:44:47 +0200
committer	Mathieu Deous	2015-10-29 14:55:04 +0100
commit	ff0c609ce15299fcd0da5f5b471d3519495977ff (patch)
tree	b217ff3ed047ad0f63c4e39b8f400eebafa0d1a3 /README.md
parent	1b88cf3b85d8e3225fb55526f53cbf4df75d9813 (diff)

diff --git a/README.md b/README.md deleted file mode 100644 index 69d4e11..0000000 --- a/README.md +++ /dev/null
@@ -1,69 +0,0 @@
1	# PHP Malware Finder
2
3	```
4	_______ __ __ _______
5	\| ___ \|\| \|_\| \|\| \|
6	\| \| \| \|\| \|\| ___\|
7	\| \|___\| \|\| \|\| \|___ Webshell finder,
8	\| ___\|\| \|\| ___\| kiddies hunter,
9	\| \| \| \|\|_\|\| \|\| \| website cleaner.
10	\|___\| \|_\| \|_\|\|___\|
11
12	Detect potentially malicious PHP files.
13	```
14
15	## What does it detect?
16
17	PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells.
18
19	The following list of encoders/obfuscators/webshells are also detected:
20
21	* [Best PHP Obfuscator]( http://www.pipsomania.com/best_php_obfuscator.do )
22	* [Carbylamine]( https://code.google.com/p/carbylamine/ )
23	* [Cipher Design]( http://cipherdesign.co.uk/service/php-obfuscator )
24	* [Cyklodev]( http://sysadmin.cyklodev.com/online-php-obfuscator/ )
25	* [Joes Web Tools Obfuscator]( http://www.joeswebtools.com/security/php-obfuscator/ )
26	* [Php Obfuscator Encode]( http://w3webtools.com/encode-php-online/ )
27	* [SpinObf]( http://mohssen.org/SpinObf.php )
28	* [Weevely3]( https://github.com/epinna/weevely3 )
29	* [atomiku]( http://atomiku.com/online-php-code-obfuscator/ )
30	* [cobra obfuscator]( http://obfuscator.uk/example/ )
31	* [phpencode]( http://phpencode.org )
32	* [webtoolsvn]( http://www.webtoolsvn.com/en-decode/ )
33
34
35	## How does it work?
36
37	Detection is performed by crawling the filesystem and testing files against a [set]( https://github.com/nbs-system/php-malware-finder/blob/master/malwares.yara )
38	of [YARA](https://plusvic.github.io/yara/) rules. Yes, it's that simple!
39
40
41	## How to use it?
42
43	```
44	$ ./phpmalwarefinder -h
45	Usage phpmalwarefinder [-cfhw] <file\|folder> ...
46	-c Optional path to a configuration file
47	-f Fast mode
48	-h Show this help message
49	-v Verbose mode
50	```
51
52	Or if you prefer to use `yara`:
53
54	```
55	$ yara -r ./malwares.yara /var/www
56	```
57
58	## Whitelisting
59
60	Check the [whitelist.yara]( https://github.com/nbs-system/php-malware-finder/blob/master/whitelist.yara ) file.
61	If you're lazy, you can generate whitelists for entire folders with the [generate_whitelist.py]( https://github.com/nbs-system/php-malware-finder/blob/master/generate_whitelist.py ) script.
62
63	## Licensing
64
65	PHP-malware-finder is [licensed]( https://github.com/nbs-system/php-malware-finder/blob/master/LICENSE ) under the GNU General Public License v3.
66
67	The _amazing_ YARA project is licensed under the Apache v2.0 license.
68
69	Patches, whitelists or samples are of course more than welcome.