jordantrizz/1ddaf2dab25674995dc4
Created November 7, 2015 21:06
Sometimes the web run fails. Currently, mine fails when using SSL and a few other things. So I created a way to run Exploit Scanner from the command line using the following code. I got no errors but a proper scan. The issue then is most likely the feedback via JavaScript that happens, not the actual Exploit Scanner. I named this 'exploitscan.php' and put it in my utility directory of other useful tools.
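<?php
# WordPress expects a server name; on the command line there is none, so set it by hand
$_SERVER['SERVER_NAME'] = "your.serverurl.com";
# Bootstrap WordPress so the Exploit Scanner plugin's classes are loaded (adjust the path to your install)
include("/usr/share/wordpress/wp-load.php");
# Report only fatal and parse errors
error_reporting(E_ERROR|E_PARSE);
$fsl = 400; # upper file size limit for scanned files
$dis = 1;   # display the matched pattern in the results
# A full scan can take a long time, so remove the execution time limit
set_time_limit(0);
# Scan the files under the WordPress root
$scanner = new File_Exploit_Scanner( ABSPATH, array( 'start' => 0, 'fsl' => $fsl, 'display_pattern' => $dis ) );
# need to see how far we get
try {
    $scanner->run();
} catch(Exception $e) {
    echo 'Scan: Caught exception: ', $e->getMessage(), "\n";
}
# Scan the database
$scanner = new DB_Exploit_Scanner();
try {
    $scanner->run();
} catch(Exception $e) {
    echo 'DBScan: Caught exception: ', $e->getMessage(), "\n";
}
# Print the combined results
exploitscanner_results_page();
?>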
Happy hunting for those exploits. Unlike WPScan, Sucuri, and Wordfence, Exploit Scanner looks at ALL of the files, not just those for the various plugins. It can detect issues within newly created files as well.
-- Edward