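/**
 * Start Exploit Scanner scan.
 *
 * ## OPTIONS
 *
 * [--show-suspicious-styles]
 * : Search for suspicious styles - (display:none and visibility:hidden can be used to hide spam, but may cause many false positives)
 *
 * [--file-size=<size-in-kb>]
 * : Upper file size limit in KB - (files larger than this are skipped and will be listed at the end of scan)
 *
 * [--files-per-block=<no-of-files>]
 * : Number of files per batch - (to help reduce memory limit errors the scan processes a series of file batches)
 *
 * [--report_all_unknown_files]
 * : Also reports unknown files outside of wp-includes, wp-admin and the wp root directory
 *
 * [--export-csv=<file-name>]
 * : Export the result to the specified CSV file
 *
 * ## EXAMPLES
 *
 *     wp exploit-scanner scan
 *
 * @synopsis
 *
 * @param array $args       Positional arguments; forwarded unchanged to $this->result().
 * @param array $assoc_args Named options (see OPTIONS); merged over the defaults below.
 */
function scan($args, $assoc_args) {
    $default = array(
        'show-suspicious-styles'   => true,
        'file-size'                => 400,
        'files-per-block'          => 250,
        'report_all_unknown_files' => false,
        'export-csv'               => false,
    );
    $assoc_args = wp_parse_args($assoc_args, $default);

    // WP_CLI::error() terminates the command, so nothing after it runs.
    // Both numeric options must be positive: a non-positive size limit skips every
    // file, and a batch size of 0 would never advance $scanner->start, so the
    // scan loop below would never finish.
    if (!is_numeric($assoc_args['file-size']) || intval($assoc_args['file-size']) < 1) {
        WP_CLI::error("--file-size : Upper file size limit should be a positive number");
    }
    if (!is_numeric($assoc_args['files-per-block']) || intval($assoc_args['files-per-block']) < 1) {
        WP_CLI::error("--files-per-block : Number of files per batch should be a positive number");
    }

    $fes_args = array(
        'start'                    => 0,
        'fsl'                      => intval($assoc_args['file-size']),
        'max'                      => intval($assoc_args['files-per-block']),
        'report_all_unknown_files' => $assoc_args['report_all_unknown_files'],
        'display_pattern'          => $assoc_args['show-suspicious-styles'],
    );

    WP_CLI::warning("Start File Scanning...");
    $scanner = new File_Exploit_Scanner(ABSPATH, $fes_args);

    // Clear any leftover state from a previous run so the scanner can save its
    // transients again (works around a save-transient error).
    delete_transient('exploitscanner_results_trans');
    delete_transient('exploitscanner_files');

    // NOTE(review): the total of 1000 is a placeholder; the real file count is not
    // known up front, so the bar may finish early or late — confirm against \cli\progress\Bar.
    $file_progress = new \cli\progress\Bar('Progress', 1000);
    $file_progress->tick();

    // Process one batch per iteration until run() reports completion (truthy)
    // or an error (WP_Error). A falsy, non-error result means "more batches remain".
    while (true) {
        $result = $scanner->run();
        if (is_wp_error($result)) {
            $file_progress->finish();
            WP_CLI::error('Files list not properly saved as a transient');
            break;
        }
        if ($result) {
            $file_progress->finish();
            WP_CLI::success('All files scanned');
            break;
        }
        $file_progress->tick($scanner->max_batch_size);
        $scanner->start += $scanner->max_batch_size;
    }

    WP_CLI::warning("Start Database Scanning...");
    $db_scanner = new DB_Exploit_Scanner();
    $db_scanner->run();
    WP_CLI::success('Database scanned');

    $this->result($args, $assoc_args);
}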
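/**
 * AJAX callback that scans one batch of files and reports progress as plain text.
 *
 * Reads the batch parameters from $_POST (start, filesize_limit, max_batch_size,
 * display_pattern), runs File_Exploit_Scanner on that batch and echoes either
 * 'Complete' or a "Files scanned: N..." progress line. Always terminates the request.
 */
function exploitscanner_ajax_file_scan() {
    // The nonce check protects against CSRF only; it does not verify the caller's
    // capability. NOTE(review): confirm the page that issues this nonce is itself
    // restricted to administrators, or add a current_user_can() check here.
    check_ajax_referer('exploit-scanner_scan');

    if (!isset($_POST['start'])) {
        die('Error: start not set.');
    }
    $start = (int) $_POST['start'];

    // Untrusted numeric inputs: accept only numeric strings, cast to int,
    // otherwise fall back to the defaults.
    $fsl = isset($_POST['filesize_limit']) && is_numeric($_POST['filesize_limit'])
        ? (int) $_POST['filesize_limit']
        : 400;
    $max = isset($_POST['max_batch_size']) && is_numeric($_POST['max_batch_size'])
        ? (int) $_POST['max_batch_size']
        : 100;

    // Guard the lookup: the key was previously dereferenced unconditionally, which
    // raised an undefined-index notice when the client omitted it. Semantics are
    // kept: anything other than the literal string 'false' (including absence)
    // enables pattern display.
    $display_pattern = !isset($_POST['display_pattern']) || $_POST['display_pattern'] !== 'false';

    $args = compact('start', 'fsl', 'max', 'display_pattern');
    $scanner = new File_Exploit_Scanner(ABSPATH, $args);

    if ($scanner->run()) {
        echo 'Complete';
    } else {
        echo 'Files scanned: ' . ($start + $max) . '...';
    }
    exit;
}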
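/**
 * AJAX callback to initiate a file scan.
 *
 * Scans one batch of files and responds with a JSON object:
 *   {"status":"error", ...}    when 'start' is missing or run() returns a WP_Error,
 *   {"status":"complete"}      when the scan has finished,
 *   {"status":"running", ...}  when more batches remain.
 * Always terminates the request.
 */
function exploitscanner_ajax_file_scan() {
    // The nonce check protects against CSRF only; it does not verify the caller's
    // capability. NOTE(review): confirm the page that issues this nonce is itself
    // restricted to administrators, or add a current_user_can() check here.
    check_ajax_referer('exploit-scanner_scan');

    if (!isset($_POST['start'])) {
        die(json_encode(array('status' => 'error', 'data' => 'Error: start not set.')));
    }
    $start = (int) $_POST['start'];

    // Untrusted numeric inputs: accept only numeric strings, cast to int,
    // otherwise fall back to the defaults.
    $fsl = isset($_POST['filesize_limit']) && is_numeric($_POST['filesize_limit'])
        ? (int) $_POST['filesize_limit']
        : 400;
    $max = isset($_POST['max_batch_size']) && is_numeric($_POST['max_batch_size'])
        ? (int) $_POST['max_batch_size']
        : 100;

    // Guard the lookup: the key was previously dereferenced unconditionally, which
    // raised an undefined-index notice when the client omitted it. Semantics are
    // kept: anything other than the literal string 'false' (including absence)
    // enables pattern display.
    $display_pattern = !isset($_POST['display_pattern']) || $_POST['display_pattern'] !== 'false';

    $args = compact('start', 'fsl', 'max', 'display_pattern');
    $scanner = new File_Exploit_Scanner(ABSPATH, $args);
    $result = $scanner->run();

    if (is_wp_error($result)) {
        // Surface the scanner's own message and data so the client can show why it stopped.
        echo json_encode(array(
            'status'  => 'error',
            'message' => $result->get_error_message(),
            'data'    => $result->get_error_data(),
        ));
    } elseif ($result) {
        echo json_encode(array('status' => 'complete'));
    } else {
        echo json_encode(array(
            'status' => 'running',
            'data'   => 'Files scanned: ' . ($start + $max) . '...',
        ));
    }
    exit;
}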