/**
* Start Exploit Scanner scan.
*
* ## OPTIONS
*
* [--show-suspicious-styles]
* : Search for suspicious styles - (display:none and visibility:hidden can be used to hide spam, but may cause many false positives)
*
* [--file-size=<size-in-kb>]
* : Upper file size limit in KB - (files larger than this are skipped and will be listed at the end of scan)
*
* [--files-per-block=<no-of-files>]
* : Number of files per batch - (to help reduce memory limit errors the scan processes a series of file batches)
*
* [--report_all_unknown_files]
* : Reports also unkown files outside of wp-includes, wp-admin and wp root directory
*
* [--export-csv=<file-name>]
* : It will export result to specified csv file
*
* ## EXAMPLES
*
* wp exploit-scanner scan
*
* @synopsis
*/
function scan($args, $assoc_args)
{
$default = array('show-suspicious-styles' => true, 'file-size' => 400, 'files-per-block' => 250, 'report_all_unknown_files' => false, 'export-csv' => false);
$assoc_args = wp_parse_args($assoc_args, $default);
if (!is_numeric($assoc_args['file-size'])) {
WP_CLI::error("--file-size : Upper file size limit should be numeric");
return;
}
if (!is_numeric($assoc_args['files-per-block'])) {
WP_CLI::error("--files-per-block : Number of files per batch should be numeric");
return;
}
$fes_args = array('start' => 0, 'fsl' => intval($assoc_args['file-size']), 'max' => intval($assoc_args['files-per-block']), 'report_all_unknown_files' => $assoc_args['report_all_unknown_files'], 'display_pattern' => $assoc_args['show-suspicious-styles']);
WP_CLI::warning("Star File Scanning...");
$scan_flag = true;
$scanner = new File_Exploit_Scanner(ABSPATH, $fes_args);
// Fix for save transient error
delete_transient('exploitscanner_results_trans');
delete_transient('exploitscanner_files');
$file_progress = new \cli\progress\Bar('Progress', 1000);
$file_progress->tick();
while ($scan_flag) {
$result = $scanner->run();
if (is_wp_error($result)) {
$file_progress->finish();
WP_CLI::error('Files list not properly saved as a transient');
$scan_flag = false;
} else {
if ($result) {
$scan_flag = false;
$file_progress->finish();
WP_CLI::success('All files scanned');
} else {
$file_progress->tick($scanner->max_batch_size);
$scanner->start = $scanner->start + $scanner->max_batch_size;
}
}
}
WP_CLI::warning("Star Database Scanning...");
$db_scanner = new DB_Exploit_Scanner();
$db_scanner->run();
WP_CLI::success('Database scanned');
$this->result($args, $assoc_args);
}
function exploitscanner_ajax_file_scan()
{
check_ajax_referer('exploit-scanner_scan');
if (!isset($_POST['start'])) {
die('Error: start not set.');
} else {
$start = (int) $_POST['start'];
}
$fsl = !isset($_POST['filesize_limit']) || !is_numeric($_POST['filesize_limit']) ? 400 : (int) $_POST['filesize_limit'];
$max = !isset($_POST['max_batch_size']) || !is_numeric($_POST['max_batch_size']) ? 100 : (int) $_POST['max_batch_size'];
$display_pattern = $_POST['display_pattern'] != 'false' ? true : false;
$args = compact('start', 'fsl', 'max', 'display_pattern');
$scanner = new File_Exploit_Scanner(ABSPATH, $args);
if ($scanner->run()) {
echo 'Complete';
} else {
echo 'Files scanned: ' . ($start + $max) . '...';
}
exit;
}
/**
* AJAX callback to initiate a file scan.
*/
function exploitscanner_ajax_file_scan()
{
check_ajax_referer('exploit-scanner_scan');
if (!isset($_POST['start'])) {
die(json_encode(array('status' => 'error', 'data' => 'Error: start not set.')));
} else {
$start = (int) $_POST['start'];
}
$fsl = !isset($_POST['filesize_limit']) || !is_numeric($_POST['filesize_limit']) ? 400 : (int) $_POST['filesize_limit'];
$max = !isset($_POST['max_batch_size']) || !is_numeric($_POST['max_batch_size']) ? 100 : (int) $_POST['max_batch_size'];
$display_pattern = $_POST['display_pattern'] != 'false' ? true : false;
$args = compact('start', 'fsl', 'max', 'display_pattern');
$scanner = new File_Exploit_Scanner(ABSPATH, $args);
$result = $scanner->run();
if (is_wp_error($result)) {
$message = $result->get_error_message();
$data = $result->get_error_data();
echo json_encode(array('status' => 'error', 'message' => $message, 'data' => $data));
} else {
if ($result) {
echo json_encode(array('status' => 'complete'));
} else {
echo json_encode(array('status' => 'running', 'data' => 'Files scanned: ' . ($start + $max) . '...'));
}
}
exit;
}
