feat: added bin folder with scripts and changed distribute to build

Added bin folder with scripts
Changed distribute to build
Changed images folders

Author: marcocesarato

.cs.php .php_cs

@@ -1,9 +1,9 @@
 <?php
 
 return PhpCsFixer\Config::create()
-                        ->setUsingCache(false)
+                        ->setUsingCache(true)
                         ->setRiskyAllowed(true)
-                        //->setCacheFile(__DIR__ . '/.php_cs.cache')
+                        ->setCacheFile(__DIR__ . '/.php_cs.cache')
                         ->setRules(array(
                             '@PSR1'                        => true,
                             '@PSR2'                        => true,
@@ -13,7 +13,7 @@
                             'align_multiline_comment'      => array('comment_type' => 'phpdocs_only'), // PSR-5
                             'phpdoc_to_comment'            => false,
                             'array_indentation'            => true,
-                            //'array_syntax'                 => ['syntax' => 'short'],
+                            'array_syntax'                 => array('syntax' => 'long'),
                             'cast_spaces'                  => array('space' => 'none'),
                             'concat_space'                 => array('spacing' => 'one'),
                             'compact_nullable_typehint'    => true,
@@ -34,7 +34,7 @@
                             ),
                         ))
                         ->setFinder(PhpCsFixer\Finder::create()
-                                                     ->in(__DIR__ . '/src')
-                                                     ->name('*')
+                                                     ->in(__DIR__)
+                                                     ->name('*.php')
                                                      ->ignoreDotFiles(true)
                                                      ->ignoreVCS(true));

README.md

@@ -1,4 +1,4 @@
-# ![amwscan](amwscan.png)
+# ![amwscan](images/amwscan.png)
 
 # AMWSCAN - PHP Antimalware Scanner
 
@@ -21,7 +21,7 @@ Use this command `php -d disable_functions` for run the program without issues.
 - php 5+
 
 ## Install
- 
+
 ### Release
 
 You can use one of this method for install the scanner downloading it from github or directly from console.
@@ -33,7 +33,7 @@ https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/d
 
 #### Console
 
-1. Run this command from console (scanner will be download on your current directory): 
+1. Run this command from console (scanner will be download on your current directory):
 
    `wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner --no-check-certificate`
 
@@ -45,16 +45,18 @@ https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/d
 
 ##### Download
 
-Click on GitHub page "Clone or download" or download from: 
+Click on GitHub page "Clone or download" or download from:
 https://codeload.github.com/marcocesarato/PHP-Antimalware-Scanner/zip/master
 
 ##### Composer
+
 1. Install composer
 2. Type `composer require marcocesarato/amwscan`
 3. Go on `vendor/marcocesarato/amwscan/` for have source
 4. Enjoy
 
 ##### Git
+
 1. Install git
 2. Copy the command and link from below in your terminal:
    `git clone https://github.com/marcocesarato/PHP-Antimalware-Scanner`
@@ -64,14 +66,14 @@ https://codeload.github.com/marcocesarato/PHP-Antimalware-Scanner/zip/master
    `git pull https://github.com/marcocesarato/PHP-Antimalware-Scanner`
 5. Enjoy
 
-## Distribute
+## Build
 
 For compile `/src/` folder to single file `/dist/scanner` you need to do this:
 
 1. Install composer requirements:
    `composer install`
-2. Run distribute script *(replace 0.5.x.x with your version number)*:
-   `php distribute 0.5.x.x`
+2. Run distribute script _(replace 0.5.x.x with your version number)_:
+   `composer build 0.5.x.x`
 
 ## Test
 
@@ -83,13 +85,13 @@ https://github.com/marcocesarato/PHP-Malware-Collection
 
 You could find some false positive during scanning. For this you can choice the aggression level as following:
 
-| Param               | Abbr | Aggressivity      | Description                                                                                                                                                                     |
-|---------------------|------|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                     |      | VERY AGGRESSIVE   | Search for all functions/exploits on lists and all malware signatures without restrictions                                                                                      |
-| `--agile`           | -a   | MEDIUM            | Search for some specific exploits on lists with some restrictions and all malware signatures (on Wordpress and others platform could find more malware and more false positive) |
-| `--only-signatures` | -s   | NORMAL            | Search for all malware signatures (could be perfect for Wordpress and others platform for have less false positive)                                                             |
-| `--only-exploits`   | -e   | AGGRESSIVE        | Search for exploits on lists                                                                                                                                                    |
-| `--only-functions`  | -f   | MEDIUM            | Search for all functions on lists (on some obfuscated code can't be detected)                                                                                                   |
+| Param               | Abbr | Aggressivity    | Description                                                                                                                                                                     |
+| ------------------- | ---- | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|                     |      | VERY AGGRESSIVE | Search for all functions/exploits on lists and all malware signatures without restrictions                                                                                      |
+| `--agile`           | -a   | MEDIUM          | Search for some specific exploits on lists with some restrictions and all malware signatures (on Wordpress and others platform could find more malware and more false positive) |
+| `--only-signatures` | -s   | NORMAL          | Search for all malware signatures (could be perfect for Wordpress and others platform for have less false positive)                                                             |
+| `--only-exploits`   | -e   | AGGRESSIVE      | Search for exploits on lists                                                                                                                                                    |
+| `--only-functions`  | -f   | MEDIUM          | Search for all functions on lists (on some obfuscated code can't be detected)                                                                                                   |
 
 ### Suggestions
 
@@ -106,6 +108,7 @@ You could find some false positive during scanning. For this you can choice the
 Then if you run the scanner on a Wordpress project or others common platforms type `--only-signatures` or `--agile` as argument for a check with less false positive.
 
 #### Examples:
+
 ```
 php -d disable_functions='' scanner -s
 php -d disable_functions='' scanner -a
@@ -114,6 +117,7 @@ php -d disable_functions='' scanner -a
 ## Detection Options
 
 When a malware is detected you will have the following choices (except when scanner is in report scan mode `--report`):
+
 - Delete file
 - Move to quarantine `(move to ./quarantine)`
 - Try remove evil code
@@ -126,7 +130,7 @@ When a malware is detected you will have the following choices (except when scan
 
 ## Usage
 
-```		
+```
 Arguments:
 <path>                       - Define the path to scan (default: current directory)
 
@@ -153,27 +157,29 @@ Flags:
 --list                       - Get default exploit and functions list
 --list-exploits              - Get default exploits list
 --list-functions             - Get default functions lists
-     
-Notes: 
+
+Notes:
 For open files with nano or vim run the scripts with "-d disable_functions=''"
 
 Examples: php -d disable_functions='' scanner ./mywebsite/http/ -l -s --only-exploits
           php -d disable_functions='' scanner -s --max-filesize="5MB"
           php -d disable_functions='' scanner -s -logs="/user/marco/scanner.log"
           php -d disable_functions='' scanner --agile --only-exploits
           php -d disable_functions='' scanner --exploits="double_var2" --functions="eval, str_replace"
-                         
+
 Usage: php scanner [--agile|-a] [--help|-h] [--log|-l] [--report|-r] [--version|-v] [--update|-u] [--only-signatures|-s] [--only-exploits|-e] [--only-functions|-f] [--list] [--list-exploits] [--list-functions] [--exploits <exploits>] [--functions <functions>] [--whitelist-only-path] [<path>]
 ```
 
 ### Exploits and Functions List
 
 #### Exploits
+
 - `eval_chr`, `eval_preg`, `eval_base64`, `eval_comment`, `eval_execution`, `align`, `b374k`, `weevely3`, `c99_launcher`, `too_many_chr`, `concat`, `concat_vars_with_spaces`, `concat_vars_array`, `var_as_func`, `global_var_string`, `extract_global`, `escaped_path`, `include_icon`, `backdoor_code`, `infected_comment`, `hex_char`, `hacked_by`, `killall`, `globals_concat`, `globals_assign`, `base64_long`, `base64_inclusion`, `clever_include`, `basedir_bypass`, `basedir_bypass2`, `non_printable`, `double_var`, `double_var2`, `global_save`, `hex_var`, `register_function`, `safemode_bypass`, `ioncube_loader`, `nano`, `ninja`, `execution`, `execution2`, `execution3`, `shellshock`, `silenced_eval`, `silence_inclusion`, `ssi_exec`, `htaccess_handler`, `htaccess_type`, `file_prepend`, `iis_com`, `reversed`, `rawurlendcode_rot13`, `serialize_phpversion`, `md5_create_function`, `god_mode`, `wordpress_filter`, `password_protection_md5`, `password_protection_sha`, `custom_math`, `custom_math2`, `uncommon_function`, `download_remote_code`, `download_remote_code2`, `download_remote_code3`, `php_uname`, `etc_passwd`, `etc_shadow`, `explode_chr`
 
 #### Functions
+
 - `il_exec`, `shell_exec`, `eval`, `system`, `create_function`, `exec`, `assert`, `syslog`, `passthru`, `define_syslog_variables`, `posix_kill`, `posix_uname`, `proc_close`, `proc_get_status`, `proc_nice`, `proc_open`, `proc_terminate`, `inject_code`, `apache_child_terminate`, `apache_note`, `define_syslog_variables`
 
 ## Screenshots
 
-![Screen 1](screenshots/screenshot_1.png)![Screen 2](screenshots/screenshot_2.png)![Screen 3](screenshots/screenshot_3.png)
+![Screen 1](images/screenshot_1.png)![Screen 2](images/screenshot_2.png)![Screen 3](images/screenshot_3.png)

distribute bin/build

@@ -1,3 +1,4 @@
+#!/usr/bin/env php
 <?php
 
 /**
@@ -8,10 +9,12 @@
  * @link https://github.com/marcocesarato/PHP-Antimalware-Scanner
  */
 
-require __DIR__ . '/vendor/autoload.php';
+define('ROOT', dirname(__DIR__));
 
-$input  = 'src/scanner';
-$output = 'dist/scanner';
+require ROOT . '/vendor/autoload.php';
+
+$input  = ROOT . '/src/scanner';
+$output = ROOT . '/dist/cli/scanner';
 
 $jc               = new JuggleCode();
 $jc->masterfile   = $input;

bin/composer

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+echo "Running php-cs-fixer to format the code on git diff..."
+
+# Variables
+# shellcheck disable=SC2164
+CURRENT_DIRECTORY="$(cd "$(dirname "$0")"; pwd -P)"
+PROJECT_DIRECTORY="$(dirname "${CURRENT_DIRECTORY}")"
+
+# shellcheck disable=SC2164
+cd "${PROJECT_DIRECTORY}";
+
+PHP_CS_FIXER="${PROJECT_DIRECTORY}/vendor/bin/php-cs-fixer"
+PHP_CS_CONFIG=".php_cs"
+
+git diff --cached --name-only --diff-filter=ACMR HEAD -- '*.php' | while read line; do
+  echo " - Fixing: ${line}"
+  # PHP CS Fixer
+  php "${CURRENT_DIRECTORY}/run" ${PHP_CS_FIXER} fix --config=${PHP_CS_CONFIG} --verbose ${line};
+  git add "$line";
+done
+
+# shellcheck disable=SC2164
+cd "${CURRENT_DIRECTORY}";
+echo "[Done] Operation completed!"

bin/fix-cs

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+echo "Running php-cs-fixer to format the code..."
+
+# Variables
+# shellcheck disable=SC2164
+CURRENT_DIRECTORY="$(cd "$(dirname "$0")"; pwd -P)"
+PROJECT_DIRECTORY="$(dirname "${CURRENT_DIRECTORY}")"
+
+# shellcheck disable=SC2164
+cd "${PROJECT_DIRECTORY}";
+
+PHP_CS_FIXER="${PROJECT_DIRECTORY}/vendor/bin/php-cs-fixer"
+PHP_CS_CONFIG=".php_cs"
+
+# PHP CS Fixer
+php "${CURRENT_DIRECTORY}/run" ${PHP_CS_FIXER} fix --config=${PHP_CS_CONFIG} --verbose;
+
+git add "${PROJECT_DIRECTORY}"
+
+# shellcheck disable=SC2164
+cd "${CURRENT_DIRECTORY}";
+echo "[Done] Operation completed!"

bin/fix-cs-all

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# Variables
+# shellcheck disable=SC2164
+CURRENT_DIRECTORY="$(cd "$(dirname "$0")"; pwd -P)"
+PROJECT_DIRECTORY="$(dirname "${CURRENT_DIRECTORY}")"
+
+# shellcheck disable=SC2164
+cd "${PROJECT_DIRECTORY}";
+
+echo "Checking PHP Lint..."
+
+if [ -z "$1" ]
+then
+  git diff --cached --name-only --diff-filter=ACMR HEAD -- '*.php' | while read line; do
+      php -l -d display_errors=1 "${PROJECT_DIRECTORY}/$line"
+      if [ $? != 0 ]
+      then
+          echo "[!] Fix the error before(s) commit."
+          exit 1
+      fi
+      FILES="$FILES $PROJECT_DIRECTORY/$line"
+  done
+else
+  php -l -d display_errors=1 "${PROJECT_DIRECTORY}/$1"
+  if [ $? != 0 ]
+  then
+      echo "[!] Fix the error before(s) commit."
+      exit 1
+  fi
+fi
+
+echo "[Done] Operation completed!"

bin/lint

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# Variables
+# shellcheck disable=SC2164
+CURRENT_DIRECTORY="$(cd "$(dirname "$0")"; pwd -P)"
+PROJECT_DIRECTORY="$(dirname "${CURRENT_DIRECTORY}")"
+
+# shellcheck disable=SC2164
+cd "${PROJECT_DIRECTORY}";
+
+# Check PHP Lint
+sh "$CURRENT_DIRECTORY/lint"
+
+[ $? -eq 0 ]  || exit 1
+
+# Run php-cs-fixer
+php "$CURRENT_DIRECTORY/composer" fix-cs

bin/pre-commit

@@ -0,0 +1,86 @@
+#!/usr/bin/env php
+<?php
+
+// Set working dir
+chdir(dirname(__DIR__));
+
+if (is_console()) {
+    array_shift($argv);
+    $file = $argv[0];
+    if (file_exists($file)) {
+        // Read shebang
+        $fopen = fopen($file, 'rb');
+        $shebang = fgets($fopen);
+        fclose($fopen);
+
+        // Detect runner
+        $runner = 'sh'; // Default bash
+
+        if (strpos($shebang, 'bash') !== false) {
+            $runner = 'sh';
+        }
+
+        if (strpos($shebang, 'php') !== false) {
+            $runner = "php -d disable_functions=''";
+        }
+
+        if (strpos($shebang, 'node') !== false) {
+            $runner = 'npm';
+        }
+
+        if(command_exists($runner)) {
+            $command = $runner . ' ' . implode(' ', $argv);
+            // Print command for debug
+            echo '> ' . $command . PHP_EOL;
+
+            // Execute command with verbose
+            passthru($command);
+        } else {
+            echo "[ERROR] > You need to install `$runner` on your environment for run this script!";
+        }
+    }
+}
+
+/**
+ * Is console.
+ *
+ * @return bool
+ */
+function is_console()
+{
+    return defined('STDIN') ||
+           php_sapi_name() === 'cli' ||
+           (empty($_SERVER['REMOTE_ADDR']) && !isset($_SERVER['HTTP_USER_AGENT']) && count($_SERVER['argv']) > 0);
+}
+
+/**
+ * Determines if a command exists on the current environment
+ *
+ * @param string $command The command to check
+ * @return bool True if the command has been found ; otherwise, false.
+ */
+function command_exists($command)
+{
+    $whereIsCommand = (PHP_OS === 'WINNT') ? 'where' : 'which';
+
+    $process = proc_open(
+        "$whereIsCommand $command",
+        array(
+            0 => ["pipe", "r"], //STDIN
+            1 => ["pipe", "w"], //STDOUT
+            2 => ["pipe", "w"], //STDERR
+        ),
+        $pipes
+    );
+    if ($process !== false) {
+        $stdout = stream_get_contents($pipes[1]);
+        $stderr = stream_get_contents($pipes[2]);
+        fclose($pipes[1]);
+        fclose($pipes[2]);
+        proc_close($process);
+
+        return $stdout != '';
+    }
+
+    return false;
+}