My friend and I were both on a well known shared hosting platform and had our websites defaced through a shared hosting vulnerability which affected multiple sites on the same machine. During my investigation of the sites, I found the files had similar patterns and could be reliably detected using basic scanning methodologies. With this in mind, I designed a Bash script which could scan a copy of the web server files and detect patterns and anomalies commonly seen in malicious scripts. While we were both running PHP on different server machines, the script may be useful in different environments and even non-malicious detections are good reminders of specific code patterns.
Start of Bash code for the tool
Tool running while passing first scan
Finished and passed all scans
Help information
Help Bash code
