{"id":21700692,"url":"https://github.com/marcocesarato/php-antimalware-scanner","last_synced_at":"2025-05-15T16:06:05.465Z","repository":{"id":41339495,"uuid":"126197487","full_name":"marcocesarato/PHP-Antimalware-Scanner","owner":"marcocesarato","description":"AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.","archived":false,"fork":false,"pushed_at":"2024-09-10T19:01:28.000Z","size":6967,"stargazers_count":698,"open_issues_count":45,"forks_count":110,"subscribers_count":32,"default_branch":"master","last_synced_at":"2025-05-10T20:01:47.969Z","etag":null,"topics":["amwscan","antimalware","antivirus","backdoor","cleaner","eval","exploit","free","malware","php","scan","scanner","scanning","shell","tool","virus","wordpress"],"latest_commit_sha":null,"homepage":"https://marcocesarato.github.io/PHP-Antimalware-Scanner/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marcocesarato.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-21T15:09:38.000Z","updated_at":"2025-05-02T21:42:41.000Z","dependencies_parsed_at":"2024-05-10T13:39:59.497Z","dependency_job_id":"d7bfe19b-11c3-492b-93dd-cd97510bd482","html_url":"https://github.com/marcocesarato/PHP-Antimalware-Scanner","commit_stats":{"total_commits":332,"total_committers":10,"mean_commits":33.2,"dds":0.3825301204819277,"last_synced_commit":"440ec21ea06a1554e2a2f9aedd17091ab4980354"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcocesarato%2FPHP-Antimalware-Scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcocesarato%2FPHP-Antimalware-Scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcocesarato%2FPHP-Antimalware-Scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcocesarato%2FPHP-Antimalware-Scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marcocesarato","download_url":"https://codeload.github.com/marcocesarato/PHP-Antimalware-Scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254374465,"owners_count":22060611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amwscan","antimalware","antivirus","backdoor","cleaner","eval","exploit","free","malware","php","scan","scanner","scanning","shell","tool","virus","wordpress"],"created_at":"2024-11-25T20:16:21.758Z","updated_at":"2025-05-15T16:06:05.445Z","avatar_url":"https://github.com/marcocesarato.png","language":"PHP","readme":"\u003cdiv align=\"center\"\u003e\n\n![Version](images/logo.png)\n\n\u003ch1 align=\"center\"\u003ePHP Antimalware Scanner\u003c/h1\u003e\n\n![Version](https://img.shields.io/badge/version-0.14.0-brightgreen?style=for-the-badge)\n![Requirements](https://img.shields.io/badge/php-%3E%3D%205.5-4F5D95?style=for-the-badge)\n![Code 
Style](https://img.shields.io/badge/code%20style-PSR-blue?style=for-the-badge)\n![License](https://img.shields.io/github/license/marcocesarato/PHP-Antimalware-Scanner?style=for-the-badge)\n[![GitHub](https://img.shields.io/badge/GitHub-Repo-6f42c1?style=for-the-badge)](https://github.com/marcocesarato/PHP-Antimalware-Scanner)\n\n#### If this project helped you out, please support us with a star :star:\n\n[Documentation](https://marcocesarato.github.io/PHP-Antimalware-Scanner/)\n\n\u003c/div\u003e\n\n## Description\n\nPHP Antimalware Scanner is a free tool to scan PHP files and analyze your project to find any malicious code inside it.\n\nIt provides an interactive text terminal console interface to scan a file, or all files in a given directory (file paths\ncan also be managed using `--filter-paths` or `--ignore-paths`), and find PHP code files that seem to contain malicious\ncode. When probable malware is detected, you will be asked what action to take (such as adding the file to the whitelist, deleting it, or trying to\nclean the infected code).\n\nThe package can also scan the PHP files in a report mode (`--report|-r`), without interaction and without outputting anything to\nthe terminal console. In that case, the results will be stored in a report file in HTML (default) or text\nformat (`--report-format \u003cformat\u003e`).\n\nThis scanner can work on your own PHP projects and on a lot of other platforms using the right combination of\nconfigurations (e.g. the `--lite|-l` flag can help reduce false positives).\n\n:warning: *Remember that you will be solely responsible for any damage to your computer system or loss of data that\nresults from such activities. You are solely responsible for adequate protection and backup of the data before executing\nthe scanner.*\n\n### How to contribute\n\nHave an idea? Found a bug? 
Please open an [ISSUE](https://github.com/marcocesarato/PHP-Antimalware-Scanner/issues)\nor a [PULL REQUEST](https://github.com/marcocesarato/PHP-Antimalware-Scanner/pulls). Contributions are welcome and are\ngreatly appreciated! Every little bit helps.\n\n## :blue_book: Requirements\n\n- php 5.5+\n   - php-xml\n   - php-zip\n   - php-mbstring\n   - php-json\n   - php-common\n   - php-curl\n   - php-gd\n\n## :book: Install\n\n### Release\n\nYou can use one of these methods to install the scanner by downloading it from GitHub or directly from the console.\n\n#### Download\n\nGo to the GitHub page and click the Releases tab, or download the raw file from:\n\n[![Download](https://img.shields.io/badge/Download-Latest%20Build-important?style=for-the-badge)](https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner)\n\n#### Console\n\n1. Run this command from the console (the scanner will be downloaded to your current directory):\n\n   `wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner`\n\n2. Run the scanner:\n\n   `php scanner ./dir-to-scan -l ...`\n\n3. 
*(Optional)* Install as bin command (Unix Bash)\n\n   Run this command:\n\n    ```sh\n    wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner -O /usr/bin/awscan.phar \u0026\u0026 \\\n    printf '#!/bin/bash\\nphp /usr/bin/awscan.phar \"$@\"\\n' \u003e /usr/bin/awscan \u0026\u0026 \\\n    chmod u+x,g+x /usr/bin/awscan.phar \u0026\u0026 \\\n    chmod u+x,g+x /usr/bin/awscan \u0026\u0026 \\\n    export PATH=$PATH\":/usr/bin\"\n    ```\n\n   Now you can run the scanner simply with this command: `awscan ./dir-to-scan -l...`\n\n### Source\n\n##### Download\n\nClick \"Clone or download\" on the GitHub page, or download from:\n\n[![Download](https://img.shields.io/badge/Download-Source-important?style=for-the-badge)](https://codeload.github.com/marcocesarato/PHP-Antimalware-Scanner/zip/master)\n\n##### Git\n\n1. Install git\n2. Run the following command in your terminal:\n   `git clone https://github.com/marcocesarato/PHP-Antimalware-Scanner`\n3. Change directories to the new `~/PHP-Antimalware-Scanner` directory:\n   `cd ~/PHP-Antimalware-Scanner/`\n4. To ensure that your master branch is up-to-date, use the pull command:\n   `git pull https://github.com/marcocesarato/PHP-Antimalware-Scanner`\n5. Enjoy\n\n## :whale: Docker\n\n1. Download the source\n2. Build command\n   `docker build --tag amwscan-docker .`\n3. 
Run command\n   `docker run -it --rm amwscan-docker bash`\n\n## :mag_right: Scanning mode\n\nThe first thing you need to decide is the strength: calibrate your scan to produce as few false positives as possible without missing real malware.\nFor this you can choose the aggression level.\n\nThe scanner provides some predefined modes:\n\n| Mode | Alias | 🚀 | Description |\n| ---- | ----- | -- | ----------- |\n| None\u0026nbsp;*(default)* |   | 🔴 | Search for all functions, exploits and malware signs without any restrictions |\n| Only\u0026nbsp;exploits | `-e` | 🟠 | Search only for exploit definitions\u003cbr /\u003eUse flag: `--only-exploits` |\n| Lite\u0026nbsp;mode | `-l` | 🟡 | Search for exploits with some restrictions and malware signs *(on Wordpress and other platforms this could produce fewer false positives)*\u003cbr /\u003eUse flag: `--lite` |\n| Only\u0026nbsp;functions | `-f` | 🟡 | Search only for functions *(in some obfuscated code, functions may not be detected)* \u003cbr /\u003eUse flag: `--only-functions` |\n| Only\u0026nbsp;signatures | `-s` | 🟢 | Search only for malware signatures *(could be a good solution for Wordpress and 
other platforms to produce fewer false positives)*\u003cbr /\u003eUse flag: `--only-signatures` |\n\n## :computer: Usage\n\n### Command line\n\n```\nphp amwscan ./mywebsite/http/ -l -s --only-exploits\nphp amwscan -s --max-filesize=\"5MB\"\nphp amwscan -s -logs=\"/user/marco/scanner.log\"\nphp amwscan --lite --only-exploits\nphp amwscan --exploits=\"double_var2\" --functions=\"eval, str_replace\"\nphp amwscan --ignore-paths=\"/my/path/*.log,/my/path/*/cache/*\"\n```\n\n#### Doesn't work?\nIf the commands above don't work, you can run the scanner script manually by executing:\n`php dist/scanner \u003cpath\u003e`\n\nTo see all options, check the [Documentation](https://marcocesarato.github.io/PHP-Antimalware-Scanner/options)\n\n### Suggestions\n\nIf you are running the scanner on a Wordpress project or other popular platform, use the `--only-signatures` or `--lite` flag\nto get a check with fewer false positives, but this could miss some dangerous exploits like `nano`.\n\n### Programmatically\n\nWhen run programmatically, silent mode and auto skip are automatically enabled.\n\n```php\nuse AMWScan\\Scanner;\n\n$app = new Scanner();\n$report = $app-\u003esetPathScan(\"my/path/to/scan\")\n              -\u003eenableBackups()\n              -\u003esetPathBackups(\"/my/path/backups\")\n              -\u003eenableLiteMode()\n              -\u003esetAutoClean()\n              -\u003erun();\n```\n\n##### Report Object\n\n```php\nobject(stdClass) (7) {\n  [\"scanned\"]    =\u003e int(0)\n  [\"detected\"]   =\u003e int(0)\n  [\"removed\"]    =\u003e array(0) {}\n  [\"ignored\"]    =\u003e array(0) {}\n  [\"edited\"]     =\u003e array(0) {}\n  [\"quarantine\"] =\u003e array(0) {}\n  [\"whitelist\"]  =\u003e array(0) {}\n}\n```\n\n## :art: Screenshots\n\n### Report\n\n\u003e HTML report format (`default`)\n\n![Screen Report](images/screenshot_report.png)\n\n### Interactive CLI\n\n![Screen 
Full](images/screenshot_full.png)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarcocesarato%2Fphp-antimalware-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarcocesarato%2Fphp-antimalware-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarcocesarato%2Fphp-antimalware-scanner/lists"}