Mage Scan

Join the chat at https://gitter.im/steverobbins/magescan

The idea behind this is to evaluate the quality and security of a Magento site you don't have access to, for example when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into.

Installation

.phar

  • Download the magescan.phar file
  • Run in command line with the php command

curl -o magescan.phar http://magescan.steverobbins.com/download/magescan.phar
php magescan.phar scan:all www.example.com

Source

  • Clone this repository
  • Install with composer

git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
bin/magescan scan:all www.example.com

n98-magerun

Clone into your ~/.n98-magerun/modules directory

mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
magerun magescan:scan store.example.com

Composer

composer require steverobbins/magescan --dev

Include in your project

Add the following to your composer.json

"require": {
    "steverobbins/magescan": "dev-master"
}

Usage

$ magescan.phar scan:all store.example.com

Commands

scan:all

$ magescan.phar scan:all [--insecure|-k] [--show-modules] <url>

Run all scans on the given <url>.

Options

--format=FORMAT

Specify a different output format. Possible values:

  • default
  • json

--insecure, -k

If set, SSL certificates won't be validated

--show-modules

Lists all modules searched for, not just those found

scan:catalog

$ magescan.phar scan:catalog [--insecure|-k] <url>

Get catalog information

scan:modules

$ magescan.phar scan:modules [--insecure|-k] [--show-modules] <url>

Get installed modules

scan:patch

$ magescan.phar scan:patch [--insecure|-k] <url>

Get patch information

scan:server

$ magescan.phar scan:server [--insecure|-k] <url>

Check server technology

scan:sitemap

$ magescan.phar scan:sitemap [--insecure|-k] <url>

Check sitemap

scan:unreachable

$ magescan.phar scan:unreachable [--insecure|-k] <url>

Check unreachable paths

scan:version

$ magescan.phar scan:version [--insecure|-k] <url>

Get the version of a Magento installation

Show all modules that we tried to detect, not just those that were found

self-update

$ magescan.phar self-update

Updates the phar file to the latest version.

Disclaimer

Since we can't see the code base, this tool makes assumptions and takes guesses. Information reported isn't guaranteed to be correct.

For in depth analyses, consider:

Support

Please create an issue for all bugs and feature requests

Contributing

Fork this repository and send a pull request to the dev branch

License

Creative Commons Attribution 4.0 International