Find commands to find dodgy looking php files

  LEMP

Looking at a Joomla site with a lurg, used a few find commands to try quickly weed out the mucky code, ran these and used my eyes:

find path/to/directory -type f -name "*.php" -mtime 5 -print0
find path/to/directory -type f -name "*.php" -print0|xargs -0 grep "$GLOBALS[" |cut -d":" -f1 |uniq
find path/to/directory -type f -name "*.php" -print0| xargs -0 grep "base64_decode"|cut -d":" -f1 |uniq
find path/to/directory -type f -name "*.php" -print0| xargs -0 grep "eval"|cut -d":" -f1 |uniq

Probably a much better way like, just because files contain base64 or globals doesn’t mean they’re bad!

Erm, just to get a quick list to look through I used

find path/to/directory -type f -name "*.php" -print0 | xargs -0 grep "base64_decode" |cut -d':' -f1 |uniq