<?php
use UmutPHP\WPVulnerabilityCheck;
// Tool version; printed by --version and in the help banner.
const VERSION = '0.2.2';

// Process exit codes. SUCCESS and WITH_ERRORS are chosen from the result of
// the check; FAILED is used whenever the tool cannot start or the run throws.
// Callers such as CI jobs should treat FAILED as "no result", not as "clean".
const SUCCESS = 0;
const WITH_ERRORS = 1;
const FAILED = 254;

// Refuse to run on interpreters older than PHP 5.6.0.
if (version_compare(PHP_VERSION, '5.6.0') < 0) {
    fwrite(STDERR, "WP Vulnerability Check requires PHP 5.6.0 and newer");
    exit(FAILED);
}
/**
 * Print the command-line option reference to standard output.
 *
 * Called from the help screen and again after an argument-parsing failure.
 *
 * NOTE(review): --token is accepted on the command line, and command-line
 * arguments are commonly visible in process listings, shell history and CI
 * job logs. The help text says CLI arguments override the config file, so the
 * config file can presumably carry the token instead - confirm against the
 * settings parser, and keep that file readable only by the account that runs
 * the check.
 */
function showOptions()
{
    // Nowdoc keeps the text literal; the closing marker stays in column 0 so
    // the block also parses on the PHP 5.6 floor this script enforces.
    $helpText = <<<'HELP_TEXT'
Options:
--config Full path for the YAML config file. A sample config
file is .wvc.yml.sample in root folder. CLI arguments
override the values in config file.
--path Full path of your WordPress installation.
--plugins-path Relative path of the plugin folder. It is optional.
Please specify if you don't use default plugin folder.
--mu-plugins-path Relative path of the mu plugin folder. It is optional.
Please specify if you don't use default mu plugin folder.
--themes-path Relative path of the theme folder. It is optional.
Please specify if you don't use default theme folder.
--token Token got from wpscan.com
--exclude Exclude the plugins given in comma separated format.
--output The format of output. Valid values JSON, READABLE, HTML,
NO (Default).
--no-colors Disable the console colors. It is enabled by default.
--version Show version.
--help Print this help.
HELP_TEXT;

    // A nowdoc drops the newline before its closing marker; add it back.
    echo $helpText, "\n";
}
// Help: shown when no option was given at all, or when --help appears anywhere
// on the command line.
// NOTE(review): a bare `exit` ends the process with status 0, so a scheduled
// or CI invocation that lost its arguments prints this help and still reports
// success. Pipelines that gate on the exit code should also confirm that a
// scan actually ran.
if (!isset($_SERVER['argv'][1]) || in_array('--help', $_SERVER['argv'])) {
    echo '---------------------------', PHP_EOL,
        'WP Vulnerability Check version ', VERSION, PHP_EOL,
        '---------------------------', PHP_EOL,
        'Usage: wp-vulnerability-check [options]', PHP_EOL;
    showOptions();
    exit;
}

// Version: print only the version string, then stop.
if (in_array('--version', $_SERVER['argv'])) {
    echo VERSION, PHP_EOL;
    exit;
}
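// Both extensions are treated as hard requirements: stop with FAILED before
// anything else is loaded. The diagnostics go to STDERR, like the script's
// other fatal messages, so they cannot be mixed into report output on stdout.
if (!function_exists('curl_version')) {
    fwrite(STDERR, 'PHP Curl extension is a must.' . PHP_EOL);
    exit(FAILED);
}

if (!function_exists('json_decode')) {
    fwrite(STDERR, 'PHP JSON extension is a must.' . PHP_EOL);
    exit(FAILED);
}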
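// Candidate locations of Composer's autoloader, tried in order.
// The first path is where the autoloader sits when this package is installed
// as a dependency (vendor/<vendor>/<package>/); the second is a standalone
// checkout with its own vendor/ directory.
// NOTE(review): in a standalone checkout the first candidate resolves to a
// directory outside the project, and any autoload.php found there is executed.
// Make sure that parent directory is not writable by other accounts.
$files = array(
    __DIR__ . '/../../autoload.php',
    __DIR__ . '/vendor/autoload.php'
);

$autoloadFileFound = false;
foreach ($files as $file) {
    // is_file() rather than file_exists(): a directory with that name must
    // not be handed to require.
    if (is_file($file)) {
        require $file;
        $autoloadFileFound = true;
        break;
    }
}

if (!$autoloadFileFound) {
    // Report once, on STDERR, and name the command the message refers to.
    fwrite(
        STDERR,
        'You need to set up the project dependencies using composer commands:' . PHP_EOL
        . '    composer install' . PHP_EOL
    );
    exit(FAILED);
}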
// Turn the raw CLI arguments into a settings object. On a parsing error the
// reason goes to STDERR, the option reference is printed, and the run ends
// with FAILED.
try {
    $settings = WPVulnerabilityCheck\Settings::parseArguments($_SERVER['argv']);
} catch (\Exception $parseError) {
    fwrite(STDERR, PHP_EOL . $parseError->getMessage() . PHP_EOL);
    echo PHP_EOL;
    showOptions();
    exit(FAILED);
}

// Run the check and map its result to an exit code: a truthy result exits
// with SUCCESS, a falsy one with WITH_ERRORS, and an exception with FAILED.
// NOTE(review): exception messages are printed verbatim. Confirm the library
// never places the --token value or a full request URL in them, since CI
// systems usually retain stderr.
try {
    $check = new WPVulnerabilityCheck\Manager($settings);
    if ($check->check()) {
        exit(SUCCESS);
    }
    exit(WITH_ERRORS);
} catch (\Exception $runError) {
    fwrite(STDERR, $runError->getMessage() . PHP_EOL);
    exit(FAILED);
}