v0.0.1.9 — Malware pattern detection

@khoipro released this 27 Jun 02:25

Added

  • Fast malware pattern detection (Phase 1) in wp-security-audit.sh — runs without dependencies:
    • goods.php / shop.php known PHP shells 🔴
    • .tmb/*.php Tiny File Manager 🔴
    • wp-includes/blocks/ZEa/ backdoor block 🔴
    • wp-login.php yrxc_uck cookie auth bypass 🔴
    • Obfuscated large single-line PHP (>50KB, <5 lines) 🟠
    • eval/system/exec/base64_decode at webapp root 🟡
    • Non-core files in wp-includes/ 🟡
    • Suspicious cron hooks via wp-cli 🟡
  • Dependencies optional — warn instead of exit 1 if clamav/rkhunter/chkrootkit missing
  • --install-deps flag — one-command install of clamav + rkhunter + chkrootkit
  • Summary score per-site with colored output (green=clean, red=issues)
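
The "obfuscated large single-line PHP (>50KB, <5 lines)" check from the list above, written out as an added shell example. It is not code from wp-security-audit.sh; the function names, the reading of "50KB" as 50*1024 bytes and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not taken from wp-security-audit.sh.
# Heuristic: a *.php file larger than 50KB that has fewer than 5 lines.
MIN_BYTES=$((50 * 1024))  # ">50KB", read here as 50*1024 bytes (assumption)
MAX_LINES=5               # "<5 lines"

# find_packed_php DIR: print one path per matching file under DIR.
# find -exec passes names as arguments, so odd filenames (spaces,
# newlines) cannot split or inject into the check.
find_packed_php() {
    find "$1" -type f -name '*.php' -size +"${MIN_BYTES}"c -exec sh -c '
        max=$1; shift
        for f in "$@"; do
            [ -r "$f" ] || continue
            lines=$(( $(wc -l < "$f") ))   # normalise wc padding
            if [ "$lines" -lt "$max" ]; then printf "%s\n" "$f"; fi
        done
    ' sh "$MAX_LINES" {} +
}

# make_sample_tree: build a constructed, harmless test tree; print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads" "$d/wp-includes"
    # 60KB on one line: should be flagged.
    { printf '<?php /* '
      dd if=/dev/zero bs=1024 count=60 2>/dev/null | tr '\0' 'A'
      printf ' */\n'; } > "$d/wp-content/uploads/packed.php"
    # Small, normally formatted file: not flagged.
    printf '<?php\n// small file\necho "ok";\n' > "$d/wp-includes/small.php"
    # Large but with thousands of lines (like a bundled library): not flagged.
    { printf '<?php\n'; i=0
      while [ "$i" -lt 4000 ]; do
          printf '// padding line %s ......\n' "$i"; i=$((i + 1))
      done; } > "$d/wp-includes/big-multiline.php"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
find_packed_php "$tree"   # prints only .../wp-content/uploads/packed.php
rm -rf "$tree"
```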

Closes #34