The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into.
- Download the
magescan.phar
file from the releases page - Run in command line with the
php
command
php magescan.phar scan:all www.example.com
- Clone this repository
- Install with composer
git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
bin/magescan scan:all www.example.com
Clone into your ~/.n98-magerun/modules
directory
mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
magerun magescan:scan store.example.com
composer require steverobbins/magescan --dev
Add the following to your composer.json
"require": {
"steverobbins/magescan": "dev-master"
}
$ magescan.phar scan:all store.example.com
$ magescan.phar scan:all [--insecure|-k] [--show-modules] <url>
Run all scans on the given <url>
.
Specify a different output format. Possible values:
default
json
If set, SSL certificates won't be validated
Lists all modules searched for, not just those found
$ magescan.phar scan:catalog [--insecure|-k] <url>
Get catalog information
$ magescan.phar scan:modules [--insecure|-k] [--show-modules] <url>
Get installed modules
$ magescan.phar scan:patch [--insecure|-k] <url>
Get patch information
$ magescan.phar scan:server [--insecure|-k] <url>
Check server technology
$ magescan.phar scan:sitemap [--insecure|-k] <url>
Check sitemap
$ magescan.phar scan:unreachable [--insecure|-k] <url>
Check unreachable paths
$ magescan.phar scan:version [--insecure|-k] <url>
Get the version of a Magento installation
Show all modules that we tried to detect, not just those that were found
Since we can't see the code base, this tool makes assumptions and takes guesses. Information reported isn't guaranteed to be correct.
For in depth analyses, consider:
- mageaudit
- Magento Project Mess Detector (for n98-magerun)
- magniffer
- Magento Coding Standard
- magecheck
- magento-check
Please create an issue for all bugs and feature requests
Fork this repository and send a pull request to the dev
branch