What is „wp-rex“?

  • a script that can help you find malware in your WordPress installation
  • easy to use: just upload it to your WordPress directory
  • usable via HTTP/HTTPS request and via SSH/CLI
  • open source: you do not have to pay anything

What is „wp-rex“ not?

  • a 100% guarantee to find all malware in your WordPress installation
  • a magic tool that cleans your WordPress in some mysterious way

Where can I get this script?

How do I use it?

  • upload the file into your WordPress directory
  • visit this file in your favorite web browser, e.g. mywordpressblog.com/wp-rex.php
  • use this tool on the command-line interface via php wp-rex.php
    • you may need to state the absolute path to php, e.g. /usr/bin/php

What checks are being made?

  • WordPress core file checksum comparison
  • check for files modified in the last seven days
  • check all files for malicious code snippets from common malware samples
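
The three checks listed above can be sketched in a few lines of PHP. This is an added example, not wp-rex's own code: the function name scan_tree(), the manifest shape (relative path => MD5), the single pattern and the demo files are all assumptions constructed for illustration.

```php
<?php
// Added illustration, not wp-rex's code; names, manifest and sample files are constructed.
function scan_tree(string $root, array $manifest, array $patterns, int $days = 7): array
{
    $root = rtrim($root, '/\\');
    $cutoff = time() - $days * 86400;
    $findings = [];
    $flags = FilesystemIterator::SKIP_DOTS;
    foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($root, $flags)) as $file) {
        if (!$file->isFile()) { continue; }
        $path = $file->getPathname();
        $rel = str_replace('\\', '/', substr($path, strlen($root) + 1));
        // 1. Checksum comparison for files the known-good manifest lists.
        if (isset($manifest[$rel]) && !hash_equals($manifest[$rel], (string) md5_file($path))) {
            $findings[$rel][] = 'checksum mismatch';
        }
        // 2. Modified within the last $days days.
        if ($file->getMTime() >= $cutoff) { $findings[$rel][] = 'modified recently'; }
        // 3. Known snippet patterns, searched in PHP files only.
        $code = strtolower($file->getExtension()) === 'php' ? (string) file_get_contents($path) : '';
        foreach ($patterns as $name => $regex) {
            if (preg_match($regex, $code)) {
                $findings[$rel][] = "pattern: $name";
            }
        }
    }
    foreach ($manifest as $rel => $sum) {   // listed files that are gone from disk
        if (!is_file("$root/$rel")) {
            $findings[$rel][] = 'core file missing';
        }
    }
    ksort($findings);
    return $findings;
}

// Constructed demo tree in the temp directory (left there for inspection).
$root = sys_get_temp_dir() . '/scan-demo-' . bin2hex(random_bytes(4));
mkdir("$root/wp-includes", 0700, true);
$clean = "<?php // constructed core file\n";
file_put_contents("$root/wp-includes/version.php", $clean);
file_put_contents("$root/wp-load.php", $clean . "eval(base64_decode('ZWNobyAxOw=='));\n");
foreach (['wp-includes/version.php', 'wp-load.php'] as $f) { touch("$root/$f", time() - 30 * 86400); }
file_put_contents("$root/new.php", "<?php // fresh upload\n");
$manifest = array_fill_keys(['wp-includes/version.php', 'wp-load.php', 'wp-settings.php'], md5($clean));
$patterns = ['eval of decoded data' => '/\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(/i'];
foreach (scan_tree($root, $manifest, $patterns) as $rel => $why) {
    echo $rel, ': ', implode(', ', $why), PHP_EOL;
}
```

Run from the command line with php, the constructed tree yields new.php as recently modified, wp-load.php with a checksum mismatch plus the pattern hit, and wp-settings.php as a missing core file. The untouched wp-includes/version.php is not reported.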

What features will be implemented soon?

  • check for suspicious file permissions, e.g. an executable wp-config.php (Why would anybody do this?!)
  • check for additional files that do not belong there
  • check for common malware filename patterns
  • return results in an array
  • add a scoring procedure that calculates the chance that a malware attack has been executed
  • continuously updated malware samples

Can I request a feature?

