Age | Commit message | Author
2016-12-16 | Update the readme to reflect the license change | jvoisin
2016-12-16 | Change the license to LGPL | jvoisin
2016-12-09 | Add a detection for register_shutdown_function | jvoisin
Close #41
2016-12-08 | Improve a bit the debian packaging | jvoisin
2016-12-08 | Fix `make deb` warnings | jvoisin
2016-12-08 | Add a missing test file | jvoisin
2016-12-08 | fixing issue #40, no more double slash in output when scanning a whole directory | Julien "shaddai" Reveret
2016-12-08 | fixed in commit b7143d389051f2bd7a8d4f15c89b4a76e9fdb9b6, long lines are checked only if user asked pmf to | Julien "shaddai" Reveret
2016-12-08 | fix for the newly introduced function, did somebody say QA ? | Julien "shaddai" Reveret
2016-12-08 | Fix the Debian packaging | jvoisin
2016-12-08 | Add a '${${' rule | jvoisin
2016-12-08 | @eval isn't legit at all | jvoisin
2016-12-08 | Remove a broken test | jvoisin
2016-12-08 | Remove some useless and buggy rules | jvoisin
2016-12-08 | misc tools like whitelist generation require python yara | Julien "shaddai" Reveret
2016-12-08 | Introducing new function : give user hints about potential malicious files | Julien "shaddai" Reveret
2016-12-01 | Merge branch 'master' of https://github.com/nbs-system/php-malware-finder | Julien "shaddai" Reveret
2016-12-01 | Add a link in the README | jvoisin
2016-12-01 | Add a new detection way | jvoisin
Close #38 Some webshells are using non-printable characters, so we match on them (kudos to @blotus for the idea). The regexp `[^ -~]` is completely killing the performances, this is why we're using [atoms](https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7) to dramatically increase the scanning speed.
2016-12-01 | debian package changelog modified for 0.3.4 | Julien "shaddai" Reveret
2016-12-01 | Detect [novahot](https://github.com/chrisallenlane/novahot) | jvoisin
Closes #37
2016-11-07 | debian package changelog modified for 0.3.4 | Julien "shaddai" Reveret
2016-11-04 | `SERVER['HTTP_*` is user-controllable. [0.3.4] | Julien (jvoisin) Voisin
2016-10-31 | Improve a bit the readme | Julien (jvoisin) Voisin
2016-10-31 | removing dup entry and adding wp 4.2.4 whitelists | Julien "shaddai" Reveret
2016-10-31 | Improves the detection of concatenation-based obfuscation | Julien (jvoisin) Voisin
2016-10-31 | missing or, fixing it | Julien "shaddai" Reveret
2016-10-31 | wordpress 4.5.4 and 4.6 wl added | Julien "shaddai" Reveret
2016-10-28 | version 4.2.3 whitelist added | Julien "shaddai" Reveret
2016-10-28 | new magento whitelists | Julien "shaddai" Reveret
2016-10-27 | It seems that `and` has a precedence over `or`, unsurprisingly | Julien (jvoisin) Voisin
2016-10-27 | Extend whitelisting support | Julien (jvoisin) Voisin
Some detection modules weren't aware of whitelisting
2016-10-24 | 0.3.3 [0.3.3] | Julien (jvoisin) Voisin
2016-10-06 | add the logo to the readme | Julien (jvoisin) Voisin
2016-10-06 | Add PMF's logo | Julien (jvoisin) Voisin
2016-10-06 | Fix the documentation (closes #35) | Julien (jvoisin) Voisin
The documentation stated `make test` instead of `make tests`. Thanks to @lippoliv for noticing.
2016-08-30 | Improve a bit the README file | Julien (jvoisin) Voisin
2016-08-30 | Add a rule to detect some obfuscated samples | Julien (jvoisin) Voisin
Thanks to @Doeurf for the sample
2016-08-26 | wordpress whitelist update | Julien "shaddai" Reveret
2016-08-26 | new phpmyadmin version added : 4.5.3 | Julien "shaddai" Reveret
2016-08-12 | Add a strrev-based detection, because skiddies are, will, skiddies. | Julien (jvoisin) Voisin
2016-08-12 | Improves a bit the release process | Julien (jvoisin) Voisin
2016-08-12 | Move the license file to the root folder | Julien (jvoisin) Voisin
2016-07-29 | release doc fix | Julien "shaddai" Reveret
2016-07-29 | comments triggering error in tests, fixing it | Julien "shaddai" Reveret
2016-07-29 | add a release file | Julien "shaddai" Reveret
2016-07-29 | typo in changelog fixed, install file updated [0.3.2] | Julien "shaddai" Reveret
2016-07-29 | debian package modification | Julien "shaddai" Reveret
2016-07-29 | new whitelists with new dir, adding them to the rule update function | Julien "shaddai" Reveret
2016-07-29 | adding custom.yar for user own webapp(s) | Julien "shaddai" Reveret