Mage Scan
The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into.
Installation
.phar
- Download the
magescan.pharfile - Run in command line with the
phpcommand
curl -o magescan.phar http://magescan.steverobbins.com/download/magescan.phar
php magescan.phar scan www.example.com
Source
- Clone this repository
- Install with composer
git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
bin/magescan scan www.example.com
n98-magerun
Clone into your ~/.n98-magerun/modules directory
mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
magerun magescan:scan store.example.com
Composer
composer require steverobbins/magescan --dev
Include in your project
Add the following to your composer.json
"require": {
"steverobbins/magescan": "dev-master"
}
Usage
$ magescan.phar scan store.example.com
Commands
scan
$ magescan.phar scan [--insecure|-k] [--show-modules] <url>
Scans the given <url>.
Options
--insecure, -k
If set, SSL certificates won't be validated
--show-modules
Show all modules that we tried to detect, not just those that were found
selfupdate
$ magescan.phar selfupdate
Updates the phar file to the latest version.
Disclaimer
Since we can't see the code base, this tool makes assumptions and takes guesses. Information reported isn't guaranteed to be correct.
For in depth analyses, consider:
- mageaudit
- Magento Project Mess Detector (for n98-magerun)
- magniffer
- Magento Coding Standard
- magecheck
- magento-check
Support
Please create an issue for all bugs and feature requests
Contributing
Fork this repository and send a pull request to the dev branch
