From 3467d442aac125413e4368a4ac3c21ab0ba72560 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 21 Feb 2018 12:18:52 +0100 Subject: Update a bit the README --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4669f42..c6daaeb 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,4 @@ [![Build Status](https://travis-ci.org/nbs-system/php-malware-finder.svg?branch=master)](https://travis-ci.org/nbs-system/php-malware-finder) -[![Gitter](https://badges.gitter.im/nbs-system/php-malware-finder.svg)](https://gitter.im/nbs-system/php-malware-finder?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) # PHP Malware Finder @@ -63,20 +62,18 @@ and then passed to some dangerous function like `system`". ``` $ ./phpmalwarefinder -h -Usage phpmalwarefinder [-cfhtv] [-l (php|asp)] ... - -c Optional path to a configuration file +Usage phpmalwarefinder [-cfhtvl] ... + -c Optional path to a rule file -f Fast mode -h Show this help message -t Specify the number of threads to use (8 by default) -v Verbose mode - -l Set language ('asp', 'php') ``` Or if you prefer to use `yara`: ``` $ yara -r ./php.yar /var/www -$ yara -r ./asp.yar /var/www ``` Please keep in mind that you should use at least YARA 3.4 because we're using @@ -94,6 +91,7 @@ If you're lazy, you can generate whitelists for entire folders with the [generate_whitelist.py](https://github.com/nbs-system/php-malware-finder/blob/master/php-malware-finder/generate_whitelist.py) script. ## Why should I use it instead of something else? + Because: - It doesn't use [a single rule per sample]( https://github.com/Neo23x0/signature-base/blob/e264d66a8ea3be93db8482ab3d639a2ed3e9c949/yara/thor-webshells.yar -- cgit v1.3