
Got A Project???

Over thirty years' experience with hardware, software and networks allows for an educated resolution to problems.
Obviously, on-site is limited to the Baton Rouge area, unless prior arrangements are made.

Boomers Image Verification and File Scan

Description:

After lending a hand to some friends who had their websites hacked... The hacked scripts were hidden in fake image files, and at the time nothing was picking them up. So, I found a need to simplify my life. I wanted to be able to verify that all the image files were, in fact, image files.
Other options I wanted: list files with certain extensions, and scan the contents of the web files for specific text strings and common malware markers.

It is important to note, this isn't a malware scanner. It is a tool to find KNOWN elements in compromised files. Meaning, you probably already know what you're looking for, but have to find it splattered across all your directories and files.

Portable .NET app that scans a selected directory on your local drive, and all directories below it.
Download the contents of your website to a directory of your choosing. Open the app, and select that directory. You're ready to scan...

Requirements:
Windows 10 or 11, Windows Server
.NET 6.0




DOWNLOAD ZIP FILE



Application Docs:

'Select Directory' - Select the location for scanning.
'Start Image Scan' - Verify all files with .jpg, .jpeg, .png, .bmp, .gif, .ico extensions are actually images.
'Remove Selected' - Deletes the selected file in the list. Be careful with this one.
'Edit Selected' - Opens the selected file in notepad, for editing.
'Open Location' - Opens the location of the selected file in the file explorer.
'Search For Text' - Search for specific strings of text.
'Scan For Markers' - Scans the selected directory for common PHP functions and constructs used in malicious code. The markers are:
"base64_decode", "eval", "exec", "shell_exec", "system", "passthru", "assert", "create_function", "preg_replace", "unserialize", "fopen", "fwrite", "fread", "file_put_contents", "file_get_contents", "include", "require", "include_once", "require_once", "move_uploaded_file", "curl_exec", "curl_multi_exec", "fsockopen", "pfsockopen", "call_user_func", "call_user_func_array", "${", "$$", "obfuscation"

Warning
Just because a file shows up in the list doesn't mean it's bad.
For example, if an image file shows up in the list, use 'Edit Selected' to open it. If it contains ALL plain text, especially PHP code, there's a good chance that it's bad. If not, it might be a false positive.
If in doubt, open the image in a photo editor and check.
The scan for 'Common Markers' doesn't distinguish between good and bad code. It only shows a list of files containing the text.

Point being, use extreme caution...
Keep a copy of your downloaded web files before you start scanning...
If mistakes are made, you can start over.
Don't just start deleting things because they show up in the list...
Always verify before you delete.
If you're not familiar with PHP, then you have been warned...
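
One way to approximate the 'Start Image Scan' and 'Scan For Markers' checks described above, as an added example that is not the application's own code: it compares each file's leading bytes with the signature expected for its extension and searches the content for a few markers. The signature table, the `<?php` marker, the function names and the sample files are assumptions; the page does not say how the app performs its checks.

```python
import os
import tempfile

JPEG = [b"\xff\xd8\xff"]
# Leading "magic" bytes for the extensions the image scan covers.
SIGNATURES = {
    ".jpg": JPEG, ".jpeg": JPEG, ".bmp": [b"BM"],
    ".png": [b"\x89PNG\r\n\x1a\n"], ".ico": [b"\x00\x00\x01\x00"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
# Subset of the page's marker list, plus the PHP open tag (added assumption).
MARKERS = [b"<?php", b"base64_decode", b"eval", b"shell_exec"]

def check_image(path):
    """Return findings for one file; an empty list means nothing was flagged."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in SIGNATURES:
        return []
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if not any(data.startswith(sig) for sig in SIGNATURES[ext]):
        findings.append("signature does not match extension")
    lowered = data.lower()
    findings += [f"contains {m.decode()}" for m in MARKERS if m in lowered]
    return findings

def scan_tree(root):
    """Walk root and all directories below it; return {relative path: findings}."""
    paths = (os.path.join(d, n) for d, _s, names in os.walk(root) for n in names)
    results = {os.path.relpath(p, root).replace(os.sep, "/"): check_image(p)
               for p in paths}
    return {p: f for p, f in results.items() if f}

def demo():
    """Scan a constructed sample tree; keys are paths relative to its root."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "uploads"))
    samples = {  # constructed sample files, not real site content
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "uploads/banner.jpg": b"<?php echo 'constructed sample'; ?>",
        # Valid GIF header followed by PHP text: a header-only check passes it.
        "uploads/icon.gif": b"GIF89a" + b"\x00" * 8 + b"<?php /* sample */ ?>",
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return scan_tree(root)
```

Short markers such as `eval` can occur by chance in compressed image data, so a hit here is a reason to inspect the file, in line with the warning above.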
