I am trying to find scripts that contain common malicious code, I need to match multiple strings within each file. What I am using is working but am not sure why I get the following in the output:
# egrep -rli --include='*.php' 'return base64_decode' . | xargs -0 grep -l 'isset' grep: ./wp-content/themes/twentyfourteen/js/menu61.php ./wp-content/themes/twentyfourteen/themes.php ./wp-content/themes/twentytwelve/file68.php ./wp-content/themes/twentythirteen/inc/page.php ./wp-content/themes/twentythirteen/inc/template.php ./wp-content/upgrade/include.php ./wp-content/plugins/wp-slimstat/browscap/diff8.php ./wp-content/plugins/quick-contact-form/gallery56.php ./wp-content/plugins/addthis/css/include.php ./wp-content/plugins/addthis/includes/include.php ./wp-content/plugins/tpc-memory-usage/images/code77.php ./wp-content/plugins/gotmls/images/index.php ./wp-content/plugins/tinymce-advanced/langs/object56.php ./wp-content/plugins/wp-security-audit-log/dirs70.php ./wp-content/plugins/wp-security-audit-log/css/list76.php ./wp-content/plugins/wp-security-audit-log/proxy.php ./wp-content/plugins/image-widget/lang/alias.php ./wp-content/plugins/my-page-order/template.php ./wp-content/uploads/2015/01/footer87.php ./wp-content/menu.php ./wp-includes/js/thickbox/db.php ./wp-includes/js/jquery/ui/footer39.php ./wp-includes/js/imgareaselect/general.php ./wp-includes/css/page25.php ./wp-includes/Text/Diff/Engine/dump.php : No such file or directory The output is good and is what I want but why does it show on line 1:
grep: ./wp-content/themes/twentyfourteen/js/menu61.php and the last line always shows:
: No such file or directory and lastly, piping it into a file doesn't work.
# egrep -rli --include='*.php' 'return base64_decode' . | xargs -0 grep -l 'isset' >> asd 
