Simple IOC Scanner
Scanner for Simple Indicators of Compromise
PHP scanner written in Python for identifying PHP backdoors and php malicious code. This tool is mainly reusing below mentioned tools. To use this tool, you need to install yara library for Python from the source.
Does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. Detection is performed by crawling the filesystem and testing files against a set of YARA rules.
Scans the current working directory and display results with the score greater than the given value. Released under the MIT license.
an open source program which looks for security vulnerabilities, code-quality, performance, and conformance.
Web Security Scanner
Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
A static source code analyser for vulnerabilities in PHP .scripts
an open source web server scanner which performs comprehensive tests against web servers for multiple items, including potentially dangerous files/program.
ClamAV extension for PHP (php-clamav) - a fork of the php-clamavlib project allows to incorporate virus scanning features in your PHP scripts.
Older projects: securityscanner, phpsecaudit.
Check also the following security websites:
PHP Security Consortium
Founded in January 2005, the PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the PHPSC seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards.