About OWASP Web Malware Scanner is a simple malware scanner for web applications. It can be used to identify compromised Wordpress, Joomla and other popular web application installations. Official OWASP Project Page Requirements python >= 2.7 Installation Usage To scan for compromised installations : Signature database OWASP Web Malware Scanner uses a community-driven malware signature database to detect malwares. Signatures are found under the signatures/ folder. Each signature must be a textfile, that contains the following JSON object:

The 'Database_Signatures' object must be an array of objects that must contains the malware name (Malware_Name) and the signature's array of regular expressions (Malware_Signatures). If the content of a file matches one of these regular expression, it will be marked as infected. The signatures for PHP files are in 'signatures/php/'. The signatures for Javascript files are in 'signatures/js/'. OWASP Web Malware Scanner also performs md5 file checksums. MD5 file signatures are in 'signatures/checksum/'. A MD5 signature database must be a text file that contains the following JSON object: