gared/ether-scan

A simple scanner for Etherpad instances

Maintainers

Details

github.com/Gared/ether-scan

Source

Issues

Installs: 184

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 1

v3.2.0 2024-06-09 17:05 UTC

Requires

Requires (Dev)

Apache-2.0 a7400a1795057c1c36aeac710c32b7c7a70cb0a6

This package is auto-updated.

Last update: 2024-11-20 17:04:09 UTC

README

Use this tool to scan your etherpad instance to get some insights and test if there is any misconfiguration.

What is this tool doing?

  • Check the "Server" header to see if the revision of etherpad is returned
  • Check the API version (pad.example.com/api)
  • Check the etherpad version
  • Check if the pads are publicly accessible
  • Check if the server is healthy (pad.example.com/health)
  • Check if the admin area is accessible with default credentials (pad.example.com/admin)
  • Check if any (frontend) plugins are installed
  • Check if the server is running since a long time (pad.example.com/stats)

Try it out

You can try this tool out on the https://scanner.etherpad.org which is using this library.

Requirements

You need PHP 8.1 or higher to run this tool.

Usage

Docker

Directly download and run this docker image to scan your instance

docker run --rm gared/ether-scan:main bin/console.php ether:scan http://localhost:9001

Clone

Clone this repository and install dependencies

composer install

Next run this command to scan your instance

bin/console.php ether:scan http://localhost:9001
Starting scan of api...
=======================

 [INFO] No revision in server header                                                                                    

 [INFO] api version: 1.3.0                                                                                              

Starting scan of a pad...
=========================

 [INFO] Package version: 1.9.7                                                                                          

 [OK] Pads are publicly accessible                                                                                      

 [OK] Server is healthy                                                                                                 

 [INFO] Version is 1.9.7                                                                                                

 [INFO] Server running since: 2024-03-08T21:38:56+00:00                                                                 

Starting scan of admin area...
==============================

 [OK] Admin area is not accessible with admin / admin                                                                   

 [OK] Admin area is not accessible with admin / changeme1                                                               

 [OK] Admin area is not accessible with user / changeme1                                                                

Starting scan of plugins...
===========================

 [INFO] No plugins found

Composer

You can also install this tool with composer

composer require gared/ether-scan