In this repository you can find absolutely free YARA rules for finding PHP shells and other malicious software.
I hope this will be useful for organizations that provide hosting services and for specialists who clean malware from customers' or colleagues' PCs.
This is a one-person project made just4fun in my own time - please don't judge the quality.
If you would like to help - here are my contacts, or open a pull request (a template is in the root of the repository).
Perhaps this is nonsense written "on the knee" in 2 evenings, but it greatly simplifies the work. If you have over9999 files - this thing can be useful for you.
Besides the rules that detect certain PHP shells, there are Generic rules - they help you find potentially malicious scripts quickly and increase the number of an attacker's backdoors that get erased.
Note: not all flagged scripts are malicious - the "FalsePositive" directory has examples of this - so you shouldn't be scared by yara output and delete all files indiscriminately.
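One way to act on that advice is to triage the scanner output before deleting anything. This is an added example, not code from this repository. It assumes yara's default `<rule> <path>` output lines and that generic rule names start with `Generic`. The rule names `Generic_Example` and `Shell_Example` and all sample files are constructed for the demo.

```python
import hashlib, tempfile
from collections import defaultdict
from pathlib import Path
def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def known_good_hashes(fp_dir):  # digests of every reviewed false positive
    return {sha256_of(p) for p in Path(fp_dir).rglob("*") if p.is_file()}

def parse_yara_output(text):  # default yara output: "<rule> <path>" per match
    hits = defaultdict(set)
    for line in text.splitlines():
        rule, sep, path = line.strip().partition(" ")
        if sep and path:
            hits[path].add(rule)
    return hits

def triage(yara_output, allowlist, generic_prefix="Generic"):
    report = {"known_good": [], "review": [], "likely_shell": []}
    for path, rules in sorted(parse_yara_output(yara_output).items()):
        try:
            digest = sha256_of(path)
        except OSError:  # vanished or unreadable: never treat as known good
            digest = None
        if digest in allowlist:
            bucket = "known_good"    # byte-identical to a reviewed false positive
        elif all(r.startswith(generic_prefix) for r in rules):
            bucket = "review"        # generic hit only: inspect before deleting
        else:
            bucket = "likely_shell"  # a rule for a specific shell matched
        report[bucket].append((Path(path).name, sorted(rules)))
    return report

def demo():  # constructed files and hand-written yara output lines
    packed = b"<?php /* constructed: benign packed library */"
    files = {"FalsePositive/lib.php": packed, "site/vendor lib.php": packed,
             "site/odd.php": b"<?php /* A */", "site/up.php": b"<?php /* B */"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(exist_ok=True)
            target.write_bytes(data)
        hits = [("Generic_Example", "vendor lib.php"), ("Generic_Example", "odd.php"),
                ("Generic_Example", "up.php"), ("Shell_Example", "up.php")]
        out = "\n".join(f"{rule} {tmp}/site/{name}" for rule, name in hits)
        return triage(out, known_good_hashes(Path(tmp, "FalsePositive")))

if __name__ == "__main__":
    print(demo())
```

Files in the `review` bucket matched only generic rules, so they are the ones to open and read before removing.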
Usage: wiki