I've written a tool for a friend who had some trouble with some hacker who was uploading PHP shells to his server. This script will read directories and files looking for signatures of common PHP hacking shells. The script is easy to use and free as well. The script will dump to a text file that reports what files might be at risk.

Usage would look something like this:

topdir - The top level directory you wish to scan. All subdirectories and files will be scanned.
sigdir - The directory containing all virus sig files.
logfile - File to write results to. Will be written to cwd if not specified.

>>> shellscan.py topdir
OR
>>> shellscan.py topdir logfile
OR
>>> shellscan.py topdir logfile sigdir

Here is a picture showing the output after running the scanner on a backup of a website. I purposely placed a hacking shell in a directory this time.

The app can be downloaded from my website here: http://www.esux.net/python_php_shell_virus_web_scan_detection
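
The signature scan described above, as an added sketch that is not the author's shellscan.py: it walks a top-level directory and flags files containing any literal signature loaded from a signature directory. It assumes one signature per line in each sig file (the real sig file format is not shown on this page); the function names, the sample signature and the sample files are constructed for illustration.

```python
import os
import tempfile

def load_signatures(sigdir):
    """Assumed format: one literal signature per line, '#' lines are comments."""
    sigs = {}
    for name in sorted(os.listdir(sigdir)):
        path = os.path.join(sigdir, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                for line in fh:
                    line = line.strip().lower()
                    if line and not line.startswith(b"#"):
                        sigs[line] = name  # remember which sig file it came from
    return sigs

def scan_tree(topdir, sigs, max_bytes=5 * 1024 * 1024):
    """Return sorted (relative path, signature file) pairs for files that match."""
    hits = []
    for root, _dirs, files in os.walk(topdir):  # does not descend into dir symlinks
        for fname in files:
            path = os.path.join(root, fname)
            if os.path.islink(path):
                continue  # never read through a symlink planted in the web root
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes).lower()  # cap memory use per file
            except OSError:
                continue  # unreadable file: skip instead of aborting the scan
            for sig, origin in sigs.items():
                if sig in data:  # case-insensitive literal match
                    hits.append((os.path.relpath(path, topdir), origin))
                    break
    return sorted(hits)

def demo():
    """Scan a constructed site tree; the flagged sample is inert (pattern inside a string)."""
    with tempfile.TemporaryDirectory() as tmp:
        top, sigdir = os.path.join(tmp, "site"), os.path.join(tmp, "sigs")
        samples = {
            os.path.join(sigdir, "generic.sig"): b"# constructed\neval(base64_decode(\n",
            os.path.join(top, "index.php"): b"<?php echo 'hello'; ?>",
            os.path.join(top, "uploads", "img.php"): b"<?php $s = 'EVAL(Base64_Decode('; ?>",
        }
        for path, body in samples.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(top, load_signatures(sigdir))
```

Literal matching like this reports files that "might be at risk", as the post puts it: a hit is a lead for manual review, and a shell that is encoded differently from every stored signature will not be flagged.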