maldet is a malware scanner, TRUE! However, it does look into PHP files to detect malevolent code.
To test PHP vulnerabilities, you need to be very familiar with PHP coding ... and check user input until you're blue in the face!
Ah! I remember looking at Tenable's Nessus scanner ... but it costs a ton ($1500/yr), so you're better off with my earlier suggestion, which is what is highly recommended everywhere.