Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

Finds and removes malicious eval base64 PHP code.

Project description

Eval/Base64 File Scrubber [![Build Status](](

This script will walk through all files in a directory, find, and remove
any content that is suspected to be malicious.

This scan uses a regular expression to seek out any potentially malicious content

infected_pattern = re.compile(r"<\?php\s*eval\((.+\()*base64_decode\(.+\)\).+\s*?>")

What it is matching is `<?php eval(base64_decode()) ?>` or `<?php eval(gzinflate(base64_decode())) ?>`

It is strongly advized to check that this regular expression will match your needs.

We have not covered all of the edge cases for this script so be warned running this
script could have negative consequences.

The script accepts two arguments: action and directory


* Find - Scans directory recursively and lists all potentially infected files
* Remove - Scans directory recursively and removes the regular express match
from all potentially infected files

python -m eval_scrubber find <dir>
python -m eval_scrubber remove <dir>

Set the log level
DEBUG=1 python -m eval_scrubber find <dir>

Install via PIP

pip install eval_scrubber


0.0.3 2015-10-05

* Better unicode support

0.0.1 2015-10-05

* Uploaded to pypi

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for eval_scrubber, version 0.0.4
Filename, size File type Python version Upload date Hashes
Filename, size eval_scrubber-0.0.4.tar.gz (3.8 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page