The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. A typical scenario is when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into.
Installation
.phar
- Download the magescan.phar file from the releases page
- Run in command line with the php command
php magescan.phar scan:all www.example.com
Source
- Clone this repository
- Install with composer
git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
bin/magescan scan:all www.example.com
n98-magerun
Clone into your ~/.n98-magerun/modules directory
mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
magerun magescan:scan store.example.com
Composer
composer require steverobbins/magescan --dev
Include in your project
Add the following to your composer.json
"require": {
    "steverobbins/magescan": "dev-master"
}
Usage
$ magescan.phar scan:all store.example.com
Commands
scan:all
$ magescan.phar scan:all [--insecure|-k] [--show-modules] <url>
Run all scans on the given <url>.
Options
--format=FORMAT
Specify a different output format. Possible values:
- default
- json
--insecure, -k
If set, SSL certificates won't be validated
--show-modules
Lists all modules searched for, not just those found
scan:catalog
$ magescan.phar scan:catalog [--insecure|-k] <url>
Get catalog information
scan:modules
$ magescan.phar scan:modules [--insecure|-k] [--show-modules] <url>
Get installed modules. With --show-modules, show all modules that we tried to detect, not just those that were found.
scan:patch
$ magescan.phar scan:patch [--insecure|-k] <url>
Get patch information
scan:server
$ magescan.phar scan:server [--insecure|-k] <url>
Check server technology
scan:sitemap
$ magescan.phar scan:sitemap [--insecure|-k] <url>
Check sitemap
scan:unreachable
$ magescan.phar scan:unreachable [--insecure|-k] <url>
Check unreachable paths
scan:version
$ magescan.phar scan:version [--insecure|-k] <url>
Get the version of a Magento installation
self-update
$ magescan.phar self-update
Updates the phar file to the latest version.