Mage Scan
The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into.
Installation
.phar
- Download the
magescan.phar
file from the releases page - Run in command line with the
php
command
php magescan.phar scan:all www.example.com
Source
- Clone this repository
- Install with composer
git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
bin/magescan scan:all www.example.com
n98-magerun
Clone into your ~/.n98-magerun/modules
directory
mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
magerun magescan:scan store.example.com
Composer
composer require steverobbins/magescan --dev
Include in your project
Add the following to your composer.json
"require": {
"steverobbins/magescan": "dev-master"
}
Usage
$ magescan.phar scan:all store.example.com
Commands
scan:all
$ magescan.phar scan:all [--insecure|-k] [--show-modules] <url>
Run all scans on the given <url>
.
Options
--format=FORMAT
Specify a different output format. Possible values:
default
json
--insecure
, -k
If set, SSL certificates won't be validated
--show-modules
Lists all modules searched for, not just those found
scan:catalog
$ magescan.phar scan:catalog [--insecure|-k] <url>
Get catalog information
scan:modules
$ magescan.phar scan:modules [--insecure|-k] [--show-modules] <url>
Get installed modules
scan:patch
$ magescan.phar scan:patch [--insecure|-k] <url>
Get patch information
scan:server
$ magescan.phar scan:server [--insecure|-k] <url>
Check server technology
scan:sitemap
$ magescan.phar scan:sitemap [--insecure|-k] <url>
Check sitemap
scan:unreachable
$ magescan.phar scan:unreachable [--insecure|-k] <url>
Check unreachable paths
scan:version
$ magescan.phar scan:version [--insecure|-k] <url>
Get the version of a Magento installation
Show all modules that we tried to detect, not just those that were found
Disclaimer
Since we can't see the code base, this tool makes assumptions and takes guesses. Information reported isn't guaranteed to be correct.
For in depth analyses, consider:
- mageaudit
- Magento Project Mess Detector (for n98-magerun)
- magniffer
- Magento Coding Standard
- magecheck
- magento-check
Support
Please create an issue for all bugs and feature requests
Contributing
Fork this repository and send a pull request to the dev
branch