It is widely known that modifying Drupal core code is very bad practice. If you were unaware, please read the article “Never hack core!”. It is also not recommended to modify the code of contributed modules downloaded from drupal.org.
But what should you do if you need to audit an existing site built by another developer to check if there were any changes to the Drupal core or modules? The Hacked! module can help you with this.
This module allows you to check all modules on the site and compare them to the original versions. After installing the module, you can configure whether or not to compare line endings. This is the only configuration in this module. Then you can start the verification process and see a list of modules. Modules that have been changed will be highlighted in red.
Additionally, you can install the Diff module, which lets you see exactly what has been changed and in which files.
In conclusion, don’t hack core. If you need to change code in contributed modules, write patches and submit them to drupal.org. Everything else should be put in custom modules.