Pocket size PHP malware/webshell/backdoor scanner excelent for real fight
i personally use this daily
- token based comparison (ignore some obfuscation)
- support "<?" and "<%" notations
- md5 hash based comparison (whitelist & blacklist)
- recent times sorted result (make your hunt easier)
- highlight result by color
- copy paste result
clone webshells submodule for testing
Keep in mind that not every single obfuscated webshell can be detected using token_get_all and not every webshell showed on top there is some on the bottom and middle depends on their skills at hiding leaves in a tree