The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario is one where you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into.
- Download the `magescan.phar` file
- Run in command line with the `php` command

```
curl -o magescan.phar http://magescan.steverobbins.com/download/magescan.phar
php magescan.phar scan www.example.com
```
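
The download above fetches an executable phar over plain HTTP and runs it immediately, so it is worth gating execution on a SHA-256 you have pinned yourself. The following is an added example, not part of the magescan project; the function names are hypothetical, and the pinned value is a placeholder because this page publishes no checksum (take it from a copy you have reviewed or built from the cloned repository).

```shell
#!/bin/sh
# Added example: run a downloaded phar only if it matches a pinned SHA-256.
# EXPECTED_SHA256 is a placeholder; this page publishes no checksum.
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# Print the lowercase hex SHA-256 of a file (GNU coreutils or BSD/macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_phar FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the file is unreadable,
# 3 if the pinned value is not a 64-character hex string.
verify_phar() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Rejects the unreplaced placeholder and truncated or mistyped hashes.
    case "$expected" in
        *[!0-9a-fA-F]*) echo "pinned value is not hex" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned value is not 64 chars" >&2; return 3; }
    actual=$(sha256_of "$file") || return 2
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected_lc" ]; then return 0; fi
    echo "hash mismatch for $file: got $actual" >&2
    return 1
}

# run_verified FILE EXPECTED ARGS...
# Hands the phar to php only after verification succeeds.
run_verified() {
    file=$1; expected=$2; shift 2
    verify_phar "$file" "$expected" || return $?
    php "$file" "$@"
}
```

Usage after sourcing the file: `run_verified magescan.phar "$EXPECTED_SHA256" scan www.example.com`.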
- Clone this repository
- Install with composer

```
git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
bin/magescan scan www.example.com
```
Clone into your `~/.n98-magerun/modules` directory

```
mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
magerun magescan:scan store.example.com
```
```
composer require steverobbins/magescan --dev
```

Add the following to your `composer.json`

```
"require": {
    "steverobbins/magescan": "dev-master"
}
```
```
$ magescan.phar scan store.example.com
```

```
$ magescan.phar scan [--insecure|-k] [--show-modules] <url>
```

Scans the given `<url>`.

- `--insecure`, `-k`: If set, SSL certificates won't be validated
- `--show-modules`: Show all modules that we tried to detect, not just those that were found

```
$ magescan.phar selfupdate
```

Updates the phar file to the latest version.
Since we can't see the code base, this tool makes assumptions and takes guesses. Information reported isn't guaranteed to be correct.
For in-depth analyses, consider:
- mageaudit
- Magento Project Mess Detector (for n98-magerun)
- magniffer
- Magento Coding Standard
- magecheck
- magento-check
Please create an issue for all bugs and feature requests.

Fork this repository and send a pull request to the `dev` branch.