Jacek Pyziak
c4166d1cd4
Phase A complete — CLI + 5 scanner modules + reporter: - ftp-walker: basic-ftp + ssh2-sftp-client adapters with upload/download/walk - core-diff: MD5 check vs api.wordpress.org checksums - dropper-hunter: extension-blind PHP detection (catches .css/.svg/.tmp droppers) - cloaker-test: dual-UA (Googlebot vs browser) with sitemap auto-discovery - db-scanner: options, users, sessions, action-scheduler hooks - remote-helper: server-side scan with base64-obfuscated patterns (WAF bypass) - reporter: JSON + HTML + CLI output with severity-based exit codes Inspired by sweetbabyroom.pl hack recovery — captures techniques that detected a dropper Wordfence/custom scanners missed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
49 lines
1.2 KiB
JSON
49 lines
1.2 KiB
JSON
{
|
|
"name": "sbr-malwscan",
|
|
"version": "0.1.0",
|
|
"description": "Malware persistence scanner for WordPress — detects droppers, cloakers, core file tampering, and DB persistence that standard tools miss",
|
|
"type": "module",
|
|
"bin": {
|
|
"sbr-malwscan": "./dist/cli.js"
|
|
},
|
|
"main": "./dist/index.js",
|
|
"types": "./dist/index.d.ts",
|
|
"scripts": {
|
|
"build": "tsc",
|
|
"dev": "tsx src/cli.ts",
|
|
"start": "node dist/cli.js",
|
|
"test": "node --test tests/",
|
|
"typecheck": "tsc --noEmit",
|
|
"clean": "rm -rf dist"
|
|
},
|
|
"keywords": ["wordpress", "malware", "scanner", "security", "cli", "audit", "dropper", "cloaker"],
|
|
"author": "Jacek Pyziak",
|
|
"license": "MIT",
|
|
"engines": {
|
|
"node": ">=20"
|
|
},
|
|
"dependencies": {
|
|
"basic-ftp": "^5.0.5",
|
|
"ssh2-sftp-client": "^10.0.3",
|
|
"commander": "^12.1.0",
|
|
"chalk": "^5.3.0",
|
|
"ora": "^8.1.0",
|
|
"mysql2": "^3.11.0",
|
|
"undici": "^6.19.8",
|
|
"zod": "^3.23.8"
|
|
},
|
|
"devDependencies": {
|
|
"@types/node": "^22.5.0",
|
|
"@types/ssh2-sftp-client": "^9.0.4",
|
|
"tsx": "^4.19.0",
|
|
"typescript": "^5.5.4"
|
|
},
|
|
"files": [
|
|
"dist/",
|
|
"helpers/",
|
|
"patterns/",
|
|
"README.md",
|
|
"LICENSE"
|
|
]
|
|
}
|