foulenzer - ITSEC

wp-rex

TABLE OF CONTENT:

What is „wp-rex“?
What is „wp-rex“ not?
Where can I get this script?
How do I use it?
What checks are being made?
What features will be implemented soon?
Can I request a feature?

What is „wp-rex“?

a script, that can help you finding malware in your wordpress installation
easy to use, just upload it to your wordpress directory
usable via http/https-request, usable via ssh/cli
open-source, you do not have to pay anything

What is „wp-rex“ not?

a 100%-guarantee to find all malware in your wordpress installation
a magic tool, that cleans your wordpress in some mysterious way

Where can I get this script?

just clone the repo at https://github.com/foulenzer/wp-rex or
download the file https://raw.githubusercontent.com/foulenzer/wp-rex/master/wp-rex.php e.g. via wget

How do I use it?

upload the file into your wordpress directory
visit this file in your favorite web-browser, e.g. mywordpressblog.com/wp-rex.php
use this tool on the command line interface via php wp-rex.php
- maybe you need to state the absolute path to php, e.g. /usr/bin/php

What checks are being made?

wordpress core file checksum comparison
check for files modified in the last seven days
check all files for malicious code snippets from common malware samples

What features will be implemented soon?

check for suspicious file permissions, e.g. executable wp-config.php (Why would anybody do this?!)
check for additional files, which do not belong there
check for common malware filename patterns
return results in an array
add a scoring procedure, calculating the chance, that a malware attack has been executed
continously updated malware samples

Can I request a feature?

sure, just hit me up at github: https://github.com/foulenzer/wp-rex
or via mail: website@foulenzer.me