Corediff is a commandline tool that can be used to uncover server side payment skimming amongst other things. It does this by comparing your Magento directory to legitimate code hashes provided by Sansec. This will show you lines that have not been seen before by Sansec, and might prove to be malicious backdoors.
You can start using corediff right off the bat when you’re on the latest Hypernode revision. Simply point
corediff to your Magento directory (located at
/data/web/magento2 by default) like the following command:
corediff /data/web/magento2, or check out our documentation for more details.
We will be making this tool available on all Hypernodes by default over the coming week. If you want it before that time, please contact our support team and they’ll update your Hypernode accordingly.
Many thanks to Sansec for open sourcing this great tool!