Finds and removes malicious eval base64 PHP code.
Eval/Base64 File Scrubber [![Build Status](https://travis-ci.org/michigan-com/eval_scrubber.svg?branch=master)](https://travis-ci.org/michigan-com/eval_scrubber)
=========================
This script walks through all files in a directory, then finds and removes
any content that is suspected to be malicious.

The scan uses a regular expression to seek out potentially malicious content:
```
infected_pattern = re.compile(r"<\?php\s*eval\((.+\()*base64_decode\(.+\)\).+\s*?>")
```
It matches `<?php eval(base64_decode()) ?>` or `<?php eval(gzinflate(base64_decode())) ?>`.

It is strongly advised to check that this regular expression matches your needs.
We have not covered all of the edge cases for this script, so be warned: running this
script could have negative consequences.
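One way to check the pattern before running `remove` is a dry run over sample text. This is an added example, not the project's own code: `dry_run`, `review` and `SAMPLES` are hypothetical names, the samples are constructed, and it assumes removal is equivalent to `re.sub` with the pattern above. It shows two edge cases: the match runs to the last `>` on the line, and `.` does not cross newlines.

```python
import re

# Pattern copied verbatim from the README above.
infected_pattern = re.compile(r"<\?php\s*eval\((.+\()*base64_decode\(.+\)\).+\s*?>")

# Constructed samples; the base64 string decodes to the harmless text "echo 1;".
SAMPLES = {
    "plain": "<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    "gzinflate": "<?php eval(gzinflate(base64_decode('ZWNobyAxOw=='))); ?>",
    # Legitimate markup on the same line as the suspicious block.
    "same_line": "<?php eval(base64_decode('ZWNobyAxOw==')); ?><p>keep</p>",
    # The same call laid out over several lines.
    "multi_line": "<?php\neval(\n  base64_decode('ZWNobyAxOw==')\n);\n?>",
    # base64_decode without eval: not what the pattern targets.
    "no_eval": "<?php echo base64_decode($stored); ?>",
}


def dry_run(text):
    """Return (matched_spans, remaining_text) without modifying any file."""
    spans = [m.group(0) for m in infected_pattern.finditer(text)]
    return spans, infected_pattern.sub("", text)


def review(samples):
    """Classify each sample: 'no-match', 'exact' (the match ends at the first
    closing ?>), or 'over-match' (the match swallows text after that ?>)."""
    verdicts = {}
    for name, text in samples.items():
        spans, _ = dry_run(text)
        if not spans:
            verdicts[name] = "no-match"
        elif all(s.find("?>") + 2 == len(s) for s in spans):
            verdicts[name] = "exact"
        else:
            verdicts[name] = "over-match"
    return verdicts


if __name__ == "__main__":
    for name, verdict in review(SAMPLES).items():
        spans, remaining = dry_run(SAMPLES[name])
        print(f"{name:10} {verdict:10} removed={spans!r} left={remaining!r}")
```

Running the same `dry_run` on a copy of your own files before `remove` shows exactly which text would be deleted.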
The script accepts two arguments: action and directory.

Actions:
* Find - Scans the directory recursively and lists all potentially infected files
* Remove - Scans the directory recursively and removes the regular expression match
from all potentially infected files
```
python -m eval_scrubber find <dir>
python -m eval_scrubber remove <dir>
```
Set the log level with the `DEBUG` environment variable:
```
DEBUG=1 python -m eval_scrubber find <dir>
```
Install via PIP
---------------
```
pip install eval_scrubber
```
CHANGELOG
=========
0.0.3 2015-10-05
----------------
* Better unicode support
0.0.1 2015-10-05
----------------
* Uploaded to pypi