Last active
February 25, 2020 10:03
PHP Security Notes (Scanning/Vulnerability)
```shell
# https://github.com/sensiolabs/security-checker
# Uses Security Check Web service (https://security.symfony.com/) and Security Advisories Database (https://github.com/FriendsOfPHP/security-advisories)
curl -o security-checker https://get.sensiolabs.org/security-checker.phar
chmod +x ./security-checker
./security-checker security:check current/composer.lock

# MageReport
# https://www.magereport.com

# eCommerce Security Scanner (paid solution)
# https://sansec.io/?mwscan

# External Scan by Foregenix
# http://webscan.foregenix.com/

# Mage Scan (Steve Robbins)
# https://github.com/steverobbins/magescan
curl -sL -o magescan https://github.com/steverobbins/magescan/releases/latest/download/magescan.phar
chmod +x magescan
./magescan scan:all 'https://www.example.com/'

# Magentary
# https://magentary.com/magento-security-patch-tester/

# https://github.com/nbs-system/php-malware-finder/
curl -sLo php-malware-finder.zip https://github.com/nbs-system/php-malware-finder/archive/master.zip
unzip php-malware-finder.zip
rm php-malware-finder.zip
cd php-malware-finder-master/php-malware-finder
./phpmalwarefinder /var/www/html/current
# or
yara -r ./php.yar /var/www/html/current

# Pen Testing Notes
# https://gist.github.com/mttjohnson/ed0f4861352fef3b9cc6512c77b7bacc
```
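The `security:check` step above compares the package versions pinned in `composer.lock` with the affected-version ranges published in the Security Advisories Database. The Python below is an added example of that matching, not code from this gist or from SensioLabs; the package names, versions and advisories are constructed, and it assumes plain numeric versions and the comparison operators shown.

```python
import operator
import re

# Constructed composer.lock content, as json.load() would return it.
LOCK = {"packages": [{"name": "acme/framework", "version": "v2.0.3"},
                     {"name": "acme/mailer", "version": "1.4.0"}],
        "packages-dev": [{"name": "acme/debug", "version": "dev-master"}]}

# Constructed advisories, shaped like the YAML entries in
# FriendsOfPHP/security-advisories after loading them into dicts.
ADVISORIES = [
    {"reference": "composer://acme/framework", "title": "Constructed advisory A",
     "branches": {"2.0.x": {"versions": [">=2.0.0", "<2.0.5"]}}},
    {"reference": "composer://acme/mailer", "title": "Constructed advisory B",
     "branches": {"1.x": {"versions": ["<1.3.2"]}}},
    {"reference": "composer://acme/debug", "title": "Constructed advisory C",
     "branches": {"1.x": {"versions": ["<1.0.1"]}}},
]

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq, "==": operator.eq}

def parse_version(text):
    """Return a 4-part numeric tuple, or None for dev/pre-release strings."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){0,3})", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def satisfies(version, constraint):
    m = re.fullmatch(r"(<=|>=|==?|<|>)\s*(\S+)", constraint.strip())
    bound = parse_version(m.group(2)) if m else None
    if bound is None:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    return OPS[m.group(1)](version, bound)

def audit(lock, advisories):
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = parse_version(pkg["version"])
        ref = "composer://" + pkg["name"]
        for adv in (a for a in advisories if a["reference"] == ref):
            if version is None:  # cannot compare: surface it instead of passing
                findings.append((pkg["name"], pkg["version"], "manual review"))
            elif any(all(satisfies(version, c) for c in b["versions"])
                     for b in adv["branches"].values()):
                findings.append((pkg["name"], pkg["version"], adv["title"]))
    return findings
```

A branch matches only when every constraint in its `versions` list holds, so `v2.0.3` falls inside `>=2.0.0, <2.0.5` while `1.4.0` is outside `<1.3.2`; the `dev-master` entry is reported for manual review rather than silently treated as safe.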