Created
February 28, 2015 11:39
Search for encoded code
# Hackers often base64 encode malicious code to make it
# harder to find. Try these commands in your site's root folder
# to find base64 occurrences. Look out for large code blocks
# in the output and check the code.
# You can search in php files only, but if the site is not too
# huge, I would recommend to search through all your files.

# 1. option
# Use this option for Linux based systems, where grep -r is
# available. The options used are:
# -i Case insensitive
# -r Recursive (includes subfolders)
# -n Display line numbers
# --color=auto Color the found instance, if possible.
# * The file name: a wildcard in this case. Add --include="*.php" to search php files only.
grep -r -i -n --color=auto "base64_decode" *
grep -r -i -n --color=auto "eval" *

# For systems that do not support grep -r use this
# command. It will do pretty much the same.
# -type f skips directories; the extra /dev/null argument makes grep print the file name.
find . -type f -exec grep -i -n "base64_decode" '{}' /dev/null \;
find . -type f -exec grep -i -n "eval" '{}' /dev/null \;
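
The advice above to look out for large code blocks can be automated. The following is an added example, not part of the original gist: `scan_b64`, `make_sample` and the `MIN_LEN` threshold of 200 characters are assumptions chosen for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added triage example (not from the original gist). Assumption: a run of
# MIN_LEN or more base64 characters on one line is worth a manual look.
MIN_LEN=${MIN_LEN:-200}

# scan_b64 DIR
# For every file under DIR that mentions base64_decode or eval(, print
# "file:line:length" for each line holding a base64 run of >= MIN_LEN chars.
scan_b64() {
    find "$1" -type f -exec grep -l -i -E 'base64_decode|eval[[:space:]]*\(' {} + 2>/dev/null |
    while IFS= read -r f; do
        awk -v min="$MIN_LEN" '
        {
            rest = $0
            # Walk every base64-looking run on the line, report the first long one.
            while (match(rest, "[A-Za-z0-9+/=]+")) {
                if (RLENGTH >= min) {
                    printf "%s:%d:%d\n", FILENAME, FNR, RLENGTH
                    break
                }
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' "$f"
    done
}

# make_sample DIR: write two constructed PHP files for a dry run.
make_sample() {
    mkdir -p "$1/inc"
    # Benign: short literal, ordinary use of base64_decode.
    printf '%s\n' '<?php' '$name = base64_decode("aGVsbG8=");' > "$1/ok.php"
    # Suspicious shape: eval of a 400-character encoded literal (harmless filler).
    blob=$(awk 'BEGIN { for (i = 0; i < 100; i++) printf "QUJD" }')
    printf '%s\n' '<?php' '// constructed sample' \
        "eval(base64_decode('$blob'));" > "$1/inc/cache.php"
}

# Dry run on the constructed sample when called with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample "$d" && scan_b64 "$d"
    rm -rf "$d"
fi
```

Run `scan_b64 .` from the site's root folder and review each reported line by hand. Short, legitimate uses of `base64_decode` stay out of the output.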