PHPackages marcocesarato/amwscan - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [CLI & Console](/categories/cli) 4. / 5. marcocesarato/amwscan ActiveConsole[CLI & Console](/categories/cli) marcocesarato/amwscan ===================== AMWSCAN (Antimalware Scanner) is a php antimalware/antivirus scanner console script written in php for scan your project. This can work on php projects and a lot of others platform. 0.14.4(7mo ago)75317.8k↓44.4%117[10 PRs](https://github.com/marcocesarato/PHP-Antimalware-Scanner/pulls)1GPL-3.0-or-laterPHPPHP >=7.4CI passing Since Feb 12Pushed 6mo ago27 watchersCompare [ Source](https://github.com/marcocesarato/PHP-Antimalware-Scanner)[ Packagist](https://packagist.org/packages/marcocesarato/amwscan)[ RSS](/packages/marcocesarato-amwscan/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (3)Versions (65)Used By (1) [![Version](images/logo.png)](images/logo.png) PHP Antimalware Scanner ======================= [](#php-antimalware-scanner) [![Version](https://camo.githubusercontent.com/94dcff3f50c56727e13554331e64b3ade7eba6b1318fe67c5ecc018df47821c7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f76657273696f6e2d302e31352e312d627269676874677265656e3f7374796c653d666f722d7468652d6261646765)](https://camo.githubusercontent.com/94dcff3f50c56727e13554331e64b3ade7eba6b1318fe67c5ecc018df47821c7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f76657273696f6e2d302e31352e312d627269676874677265656e3f7374796c653d666f722d7468652d6261646765)[![Requirements](https://camo.githubusercontent.com/3a62e73add0dbd24fa67685a9f76e3822e91bc60c19afa86b162b26b96bc361b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344253230372e342d3446354439353f7374796c653d666f722d7468652d6261646765)](https://camo.githubusercontent.com/3a62e73add0dbd24fa67685a9f76e3822e91bc60c19afa86b162b26b96bc361b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344253230372e342d3446354439353f7374796c653d666f722d7468652d6261646765)[![Code Style](https://camo.githubusercontent.com/000febe2e58c6ccf84061ab98e00ae35067cbb54f8a10eb3b73523845514070a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f64652532307374796c652d5053522d626c75653f7374796c653d666f722d7468652d6261646765)](https://camo.githubusercontent.com/000febe2e58c6ccf84061ab98e00ae35067cbb54f8a10eb3b73523845514070a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f64652532307374796c652d5053522d626c75653f7374796c653d666f722d7468652d6261646765)[![License](https://camo.githubusercontent.com/a06eef31012c0e8c5671c3b14e7b819f59c885fd951fb2f395c54db60acbfb0d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6d6172636f636573617261746f2f5048502d416e74696d616c776172652d5363616e6e65723f7374796c653d666f722d7468652d6261646765)](https://camo.githubusercontent.com/a06eef31012c0e8c5671c3b14e7b819f59c885fd951fb2f395c54db60acbfb0d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6d6172636f636573617261746f2f5048502d416e74696d616c776172652d5363616e6e65723f7374796c653d666f722d7468652d6261646765)[![GitHub](https://camo.githubusercontent.com/79a7a0225dda64f2d718544f148d7b4347db3395a37a6ff37c86ac00df981a64/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4769744875622d5265706f2d3666343263313f7374796c653d666f722d7468652d6261646765)](https://github.com/marcocesarato/PHP-Antimalware-Scanner) #### If this project helped you out, please support us with a star ⭐ [](#if-this-project-helped-you-out-please-support-us-with-a-star-star) [Documentation](https://marcocesarato.github.io/PHP-Antimalware-Scanner/) Description ----------- [](#description) PHP Antimalware Scanner is a free tool to scan PHP files and analyze your project to find any malicious code inside it. It provides an interactive text terminal console interface to scan a file, or all files in a given directory (file paths can also be managed using `--filter-paths` or `--ignore-paths`), and find PHP code files that seem to contain malicious code. When a probable malware is detected, will be asked what action to take (like add to the whitelist, delete files, try clean infected code, etc). The package can also scan the PHP files in a report mode (`--report|-r`), so without interacting and outputting anything to the terminal console. In that case, the results will be stored in a report file in HTML (default) or text format (`--report-format `). This scanner can work on your own php projects and on a lot of other platforms using the right combination of configurations (ex. using `--lite|-l` flag can help to find less false positivity). ⚠️ *Remember that you will be solely responsible for any damage to your computer system or loss of data that results from such activities. You are solely responsible for adequate protection and backup of the data before executing the scanner.* ### How to contribute [](#how-to-contribute) Have an idea? Found a bug? Please raise to [ISSUES](https://github.com/marcocesarato/PHP-Antimalware-Scanner/issues)or [PULL REQUEST](https://github.com/marcocesarato/PHP-Antimalware-Scanner/pulls). Contributions are welcome and are greatly appreciated! Every little bit helps. 📘 Requirements -------------- [](#blue_book-requirements) - php 7.4+ (PHP 8.x recommended) - php-xml - php-zip - php-mbstring - php-json - php-common - php-curl - php-gd 📖 Install --------- [](#book-install) ### Release [](#release) You can use one of these methods to install the scanner by downloading it from GitHub or directly from the console. #### Download [](#download) Go to the GitHub page and press on the Releases tab or download the raw file from: [![Download](https://camo.githubusercontent.com/c1dcfba1fa34765f5edd38257a6429d107a9f48fa540b4099dd91feaa4af239c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f776e6c6f61642d4c61746573742532304275696c642d696d706f7274616e743f7374796c653d666f722d7468652d6261646765)](https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner) #### Console [](#console) 1. Run this command from the console (the scanner will be downloaded to your current directory): `wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner` 2. Run the scanner: `php scanner ./dir-to-scan -l ...` 3. *(Optional)* Install as bin command (Unix Bash) Run this command: ``` wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner -O /usr/bin/awscan.phar && \ printf "#!/bin/bash\nphp /usr/bin/awscan.phar \$@" > /usr/bin/awscan && \ chmod u+x,g+x /usr/bin/awscan.phar && \ chmod u+x,g+x /usr/bin/awscan && \ export PATH=$PATH":/usr/bin" ``` Now you can run the scanner simply with this command: `awscan ./dir-to-scan -l...` ### Composer [](#composer) The package is available on [Packagist](https://packagist.org/packages/marcocesarato/amwscan). ##### Global Installation (recommended) [](#global-installation-recommended) For system-wide installation, use: ``` composer global require marcocesarato/amwscan ``` After installation, run the scanner using: ``` php $(composer global config home)/vendor/marcocesarato/amwscan/src/index.php [options] ``` Or create an alias for easier usage: ``` alias amwscan='php $(composer global config home)/vendor/marcocesarato/amwscan/src/index.php' ``` Then you can run: `amwscan [options]` ##### Project-Level Installation [](#project-level-installation) For installing within a specific project: ``` composer require marcocesarato/amwscan ``` After installation, run the scanner using: ``` php vendor/marcocesarato/amwscan/src/index.php [options] ``` ### Source [](#source) ##### Download [](#download-1) Click the GitHub page "Clone or download" or download from: [![Download](https://camo.githubusercontent.com/cc0b4c6a90d431efd3e88fdf9f3237f7ae6d596b2af35b6d6ba2a50b0377e691/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f776e6c6f61642d536f757263652d696d706f7274616e743f7374796c653d666f722d7468652d6261646765)](https://codeload.github.com/marcocesarato/PHP-Antimalware-Scanner/zip/master) ##### Git [](#git) 1. Install git 2. Copy the command and link from below in your terminal: `git clone https://github.com/marcocesarato/PHP-Antimalware-Scanner` 3. Change directories to the new `~/PHP-Antimalware-Scanner` directory: `cd ~/PHP-Antimalware-Scanner/` 4. To ensure that your master branch is up-to-date, use the pull command: `git pull https://github.com/marcocesarato/PHP-Antimalware-Scanner` 5. Enjoy 🐳 Docker -------- [](#whale-docker) 1. Download the source 2. Build command `docker build --tag amwscan-docker .` 3. Run command `docker run -it --rm amwscan-docker bash` 🧪 Testing --------- [](#test_tube-testing) The project includes a comprehensive test suite with unit and integration tests. ### Running Tests [](#running-tests) ``` # Run all tests composer test # Run only unit tests composer test:unit # Run only integration tests composer test:integration # Generate coverage report composer test:coverage ``` ### Writing Tests [](#writing-tests) Tests are organized into: - **Unit Tests** (`tests/Unit/`) - Fast, isolated tests for individual classes - **Integration Tests** (`tests/Integration/`) - CLI execution tests with various configurations - **Test Fixtures** (`tests/Fixtures/`) - Sample files for testing (clean, malware, obfuscated) For detailed information on writing and debugging tests, see [TESTING.md](TESTING.md). ### Continuous Integration [](#continuous-integration) Tests run automatically on pull requests and pushes across multiple PHP versions (7.4, 8.0, 8.1, 8.2, 8.3). 🔎 Scanning mode --------------- [](#mag_right-scanning-mode) The first think you need to decide is the strength, you need to calibrate your scan to find less false positive as possible during scanning without miss for real malware. For this you can choose the aggression level. The scanner permit to have some predefined modes: ModeAlias🚀DescriptionNone *(default)*🔴Search for all functions, exploits and malware signs without any restrictionsOnly exploits`-e`🟠Search only for exploits definitions Use flag: `--only-exploits`Lite mode`-l`🟡Search for exploits with some restrictions and malware signs *(on Wordpress and others platform could detect less false positivity)* Use flag: `--lite`Only functions`-f`🟡Search only for functions *(on some obfuscated code functions couldn't be detected)* Use flag: `--only-functions`Only signatures`-s`🟢Search only for malware signatures *(could be a good solution for Wordpress and others platform to detect less false positivity)* Use flag: `--only-signatures`💻 Usage ------- [](#computer-usage) ### Command line [](#command-line) ``` php amwscan ./mywebsite/http/ -l -s --only-exploits php amwscan -s --max-filesize="5MB" php amwscan -s -logs="/user/marco/scanner.log" php amwscan --lite --only-exploits php amwscan --exploits="double_var2" --functions="eval, str_replace" php amwscan --ignore-paths="/my/path/*.log,/my/path/*/cache/*" ``` #### Doesn't work? [](#doesnt-work) In case above command doesn't work, you can use script responsible for malware scan manually by executing: `php dist/scanner ` To check all options check the [Documentation](https://marcocesarato.github.io/PHP-Antimalware-Scanner/options) ### Suggestions [](#suggestions) If you are running the scanner on a Wordpress project or other popular platform use `--only-signatures` or `--lite` flag to have check with less false positive but this could miss some dangerous exploits like `nano`. ### Programmatically [](#programmatically) On programmatically silent mode and auto skip are automatically enabled. ``` use AMWScan\Scanner; $app = new Scanner(); $report = $app->setPathScan("my/path/to/scan") ->enableBackups() ->setPathBackups("/my/path/backups") ->enableLiteMode() ->setAutoClean() ->run(); ``` ##### Report Object [](#report-object) ``` object(stdClass) (7) { ["scanned"] => int(0) ["detected"] => int(0) ["removed"] => array(0) {} ["ignored"] => array(0) {} ["edited"] => array(0) {} ["quarantine"] => array(0) {} ["whitelist"] => array(0) {} } ``` 🎨 Screenshots ------------- [](#art-screenshots) ### Report [](#report) > HTML report format (`default`) [![Screen Report](images/screenshot_report.png)](images/screenshot_report.png) ### Interactive CLI [](#interactive-cli) [![Screen Full](images/screenshot_full.png)](images/screenshot_full.png) ### Health Score 55 — FairBetter than 98% of packages Maintenance65 Regular maintenance activity Popularity50 Moderate usage in the ecosystem Community31 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 77% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~62 days Recently: every ~127 days Total 40 Last Release 223d ago PHP version history (4 changes)v0.4.0.39PHP >=5.3.0 v0.5.0.68PHP >=5.4 v0.7.4.147PHP >=5.5 0.14.4PHP >=7.4 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/36447518?v=4)[Marco Cesarato](/maintainers/marcocesarato)[@marcocesarato](https://github.com/marcocesarato) --- Top Contributors [![marcocesarato](https://avatars.githubusercontent.com/u/36447518?v=4)](https://github.com/marcocesarato "marcocesarato (282 commits)")[![Copilot](https://avatars.githubusercontent.com/in/1143301?v=4)](https://github.com/Copilot "Copilot (42 commits)")[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (20 commits)")[![esurov](https://avatars.githubusercontent.com/u/1679357?v=4)](https://github.com/esurov "esurov (7 commits)")[![milosdjakonovic](https://avatars.githubusercontent.com/u/7941165?v=4)](https://github.com/milosdjakonovic "milosdjakonovic (5 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (3 commits)")[![sommoMicc](https://avatars.githubusercontent.com/u/20479709?v=4)](https://github.com/sommoMicc "sommoMicc (2 commits)")[![stephanniewerth](https://avatars.githubusercontent.com/u/12692106?v=4)](https://github.com/stephanniewerth "stephanniewerth (1 commits)")[![ImgBotApp](https://avatars.githubusercontent.com/u/31427850?v=4)](https://github.com/ImgBotApp "ImgBotApp (1 commits)")[![juchi](https://avatars.githubusercontent.com/u/3333098?v=4)](https://github.com/juchi "juchi (1 commits)")[![oxyc](https://avatars.githubusercontent.com/u/302736?v=4)](https://github.com/oxyc "oxyc (1 commits)")[![AronNovak](https://avatars.githubusercontent.com/u/114076?v=4)](https://github.com/AronNovak "AronNovak (1 commits)") --- Tags amwscanantimalwareantivirusbackdoorcleanerevalexploitfreemalwarephpscanscannerscanningshelltoolviruswordpresscodeshellbase64tooldecodeanalysisfunctionsscannercleanerobfuscationsignaturesvirusevalantivirusscanmalwareexploitscanningevilantimalwareamwscandeobfuscateddeobfuscatordeobfuscationobfuscatedevil-codebackdoor ### Code Quality Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/marcocesarato-amwscan/health.svg) ``` [![Health](https://phpackages.com/badges/marcocesarato-amwscan/health.svg)](https://phpackages.com/packages/marcocesarato-amwscan) ``` ### Alternatives [psy/psysh An interactive shell for modern PHP. 9.8k545.6M719](/packages/psy-psysh)[nunomaduro/phpinsights Instant PHP quality checks from your console. 5.6k10.8M426](/packages/nunomaduro-phpinsights)[mikehaertl/php-shellcommand An object oriented interface to shell commands 32437.5M61](/packages/mikehaertl-php-shellcommand)[ollyxar/php-malware-detector PHP malware detector 12926.4k](/packages/ollyxar-php-malware-detector)[kevinlebrun/colors.php Colors for PHP CLI scripts 3426.7M45](/packages/kevinlebrun-colorsphp)[mrrio/shellwrap Use any command-line tool as a PHP function. 738198.8k2](/packages/mrrio-shellwrap) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)