Exploit Scanner

Name: Exploit Scanner
Version: 1.14 (Released: Nov 17, 2014 - changelog)
Requires:  CMS Builder v0.00
Single Price:  $99.95 – Login to purchase
Unlimited Price:  $129.95 – Login to purchase
(Single & Unlimited Use License Agreement)
Download:  Login to purchase

Website hacks are becoming more and more common with clients running unpatched email forms, blogs, and other vulnerable software. Exploit Scanner quickly scans website folders for known web malware and malicious coding patterns to help you detect hacks in advance and identify hacked files.


Note: This application runs standalone and does not require a CMS Builder installation to be used.

When your client's website gets hacked, it doesn't matter whether it's through an unpatched blog application their former developer left on the server, or a vulnerable formmail script that came with the hosting package, they'll be looking to you to solve the problem.

Exploit Scanner makes it easy to quickly detect hacks and identify modified files. With over 40 patterns it can recognize known malware as well as use heuristics to find malicious code patterns.

Website hacks are becoming more and more common and almost all website hacks these days are automated. Rather than sitting in front of a computer, hackers* use automatic scripts to scan thousands of websites an hour for known security vulnerabilities and weaknesses. These are usually found in old versions of popular web scripts such as: WordPress, email forms, image galleries, etc.

Once a hacker gains access to a vulnerable server or web hosting account, they can then use it to send spam email, redirect traffic to other websites, host malware, or even use the server to try and compromise or attack other servers.

Even if the changes are minimal or undetected, they can have a devastating effect on a website's traffic, revenue, and reputation. Possible repercussions include:
- losing traffic (search engines and anti-virus programs may block website)
- getting temporarily banned by Google for hosting malware
- getting banned by email gateways for sending spam
- losing customers if website visitors see malware warnings, viagra links,
pornography, etc
- reduce search engine ranking or complete removal from search engines
- slow website performance (if server resources are being redirected by hackers)
- exceeded quotas and overage fees for bandwidth and CPU time

Exploit Scanner runs from the web or the command-line and gives you a powerful arsenal of tools to detect hacked files. Just upload the xs.php script to your website root and run it through your browser for an instant report. Or for more advanced users, login from the command line to scan multiple websites at a time, generate scan logs, detect recently modified files, or show warnings for suspect files.

*Note: For the purposes of this document we use the term "hacker" to refer to a malicious user who is intent on gaining illegal access to a computer system or network by bypassing or breaking the security system. The term can also be used in a positive context to refer to hobbyists or the programmer subculture that includes the pioneers of the internet. For more information see: http://en.wikipedia.org/wiki/Hacker_definition_controversy#Hacker_definition_controversy

Key Features

  • Runs from the command-line or from the web browser
  • Detects hacks and exploits in php, javascript, and htaccess files
  • Detects known exploit software as well as coding patterns from unknown software
  • Command-line version can scan unlimited folders and over half a million files an hour
  • Ability to list recently modified files by modified date or inode change time
  • Instant realtime report allows you to easily check and recheck for hacks and exploits
  • Runs standalone as a single php file with no installation or other software required, just upload and run

Customer Quotes

We had a server get hammered and this program help us find where, when and how and even let us to find issues on sites that did not have software attached. This is a game changer.