zae / wp-vulnerabilities
Scan your wordpress installation for known vulnerabilities
Requires
- php: >=5.4
- composer/semver: ^0.1|^1.0
- guzzlehttp/guzzle: ^5.3|^6.0
- illuminate/console: ^5.2
- illuminate/container: ^5.2
- illuminate/events: ^5.2
- illuminate/filesystem: ^5.2
- illuminate/pipeline: ^5.2
- symfony/yaml: ^2.0|^3.0
- zae/wp-fileheader: ^1.0
Requires (Dev)
- phpunit/phpunit: ^5.1
README
# Wordpress vulnerabilities scanner

Scan your wordpress installation and find out if there are any vulnerable plugins installed.

# Scanners

- `scan:wordpress` Scan your wordpress version
- `scan:plugins` Scan your installed plugins
- `scan:wordpress` Scan your installed themes

# Return code

The command returns 1 if any vulnerable plugins, themes or WordPress installations are found, and shows a table with explanations. It returns 0 if no vulnerable plugins were found.

# Providers

Most of the functionality is provided by providers using a Pipeline.
Pre
All the filters that create a list of the installed plugins should mutate the `$plugins` array before calling `$next`.
Post
All the filters that check for vulnerabilities should mutate the `$plugins` array after calling `$next`.

# Pipeline

This project uses the Laravel 5 Pipeline project.
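
The pre/post ordering described under Providers, as an added example that is not code from this project: a minimal stand-in for the pipeline, built from plain closures instead of the Laravel Pipeline class. The filter names, plugin slugs and advisory data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not code from zae/wp-vulnerabilities.
// All names and data below are hypothetical / constructed.

// "Pre" filter: builds the installed-plugin list BEFORE calling $next.
$discoverInstalled = function (array $plugins, callable $next) {
    $plugins['example-gallery'] = ['version' => '1.2.0', 'vulnerabilities' => []];
    $plugins['example-forms']   = ['version' => '3.0.1', 'vulnerabilities' => []];
    return $next($plugins);
};

// "Post" filter: lets the inner filters run first, then annotates the result.
$checkVulnerabilities = function (array $plugins, callable $next) {
    $plugins = $next($plugins);
    // Constructed advisory data: plugin slug => first fixed version.
    $fixedIn = ['example-gallery' => '1.3.0'];
    foreach ($plugins as $slug => $info) {
        if (isset($fixedIn[$slug]) && version_compare($info['version'], $fixedIn[$slug], '<')) {
            $plugins[$slug]['vulnerabilities'][] = 'fixed in ' . $fixedIn[$slug];
        }
    }
    return $plugins;
};

// Minimal stand-in for a pipeline: wrap the pipes inside-out around a core.
function runPipeline(array $pipes, array $passable)
{
    $core = function (array $plugins) { return $plugins; };
    $chain = array_reduce(array_reverse($pipes), function ($next, $pipe) {
        return function (array $plugins) use ($next, $pipe) {
            return $pipe($plugins, $next);
        };
    }, $core);
    return $chain($passable);
}

// The post filter is listed first, yet it still sees the discovered plugins,
// because it does its work only after $next has returned.
$result = runPipeline([$checkVulnerabilities, $discoverInstalled], []);

$vulnerable = array_filter($result, function ($info) {
    return count($info['vulnerabilities']) > 0;
});
foreach ($vulnerable as $slug => $info) {
    echo $slug . ' ' . $info['version'] . ': ' . implode(', ', $info['vulnerabilities']) . PHP_EOL;
}
// Mirror the documented return code: 1 if anything vulnerable was found, else 0.
exit(count($vulnerable) > 0 ? 1 : 0);
```

Because PHP arrays are passed by value, each filter here hands its modified array to `$next` and returns the result rather than relying on in-place mutation.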

# Config

You can configure the plugin using the wp_scan.yml file.

# TODO

- Add more providers to add capabilities like reading composer files.
- Add a scanner that checks wordpress itself
- Add a scanner that checks themes
- Cleanup Tests