Light

totopouet / magento-malware-scanner Goto Github PK

View Code? Open in Web Editor NEW

This project forked from gwillem/magento-malware-scanner

0.0 2.0 0.0 3.58 MB

A collection of rules and samples to detect Magento malware

License: GNU General Public License v3.0

Perl 0.15% JavaScript 9.24% HTML 60.60% Click 0.39% C++ 0.01% NewLisp 1.23% PHP 27.24% Python 1.15%

magento-malware-scanner's Introduction

6 April, 2017: Magento Marketplace uses this scanner for new extensions

27 March, 2017: this scanner is now used by the Mage Security Council

Scan your site in 30 seconds

On a standard Linux or Mac OSX server, run two commands to find infected files:

wget git.io/mwscan.txt
grep -Erlf mwscan.txt /path/to/magento

Advanced scanner for sysadmins: mwscan

Features:

Incremental scans: only display hits for new files. Plus, normal scanning may use lots of server power. So only scanning new files is a great optimization.
Faster scanning: using Yara is 4-20x times faster than grep.
Efficient whitelisting: some extension vendors have obfuscated their code so that it looks exactly like malware. We maintain a list of bad-looking-but-good-code to save you some false alarms.
Extension filtering: most of the time, it is useless to scan image files, backups etc. So the default mode for the Malware Scanner is to only scan web code documents (html, js, php).

See advanced usage.

Objective

For the free MageReport we already analyse lots of malware samples. Now, many system administrators are doing the same work. That's incredibly inefficient. Goal:

Once a particular strain of malware has been found and analyzed, nobody should have to duplicate these efforts.

This repository is a community effort of security conscious people. Contributions most welcome!

Test coverage

Travis-CI verifies:

that all samples are detected
all signatures match at least one sample
Magento releases do not trigger false positives

magento-malware-scanner's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.