I've developed an small script to check user files for certain strings, to check if they store scam.
It reads plain files and check if their content matches any signature you want, stored as a regex string in xml files.
Files must match some extension, by default, only .php, .html, .htm and...