定制 umutphp/wp-vulnerability-check 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

umutphp/wp-vulnerability-check

Composer 安装命令:

composer require umutphp/wp-vulnerability-check

包简介

Check the WPScan Vulnerability Database via API to identify the security issues on plugins and WordPress installed.

README 文档

README

Contributor Covenant WOSPM Checker Latest Stable Version Total Downloads composer.lock Open Source Helpers

WordPress Vulnerability Check (wp-vulnerability-check) is a console application to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.

If you're using WordPress as part of your application and thrid-party WordPress plugins to implement your bussiness logic, you can run wp-vulnerability-check on a CI pipeline to check the vulnerabilities. You should get a token from wpscan.com in order to have access to the API.

WordPress Vulnerability Check

Table Of Contents

How To Use

Requirements

wp-vulnerability-check requires PHP version 5.6.0 or greater.

Installation

It can be installed as a stand-alone tool or used as a test step on your CI pipeline.

composer require umutphp/wp-vulnerability-check

CLI Options

After succesfull installation, you can display the options as follows;

 ./wp-vulnerability-check --help
---------------------------
WP Vulnerability Check version 0.2.2
---------------------------
Usage: wp-vulnerability-check [options]
Options:
    --config            Full path for the YAML config file. A sample config
                        file is .wvc.yml.sample in root folder. CLI arguments
                        override the values in config file.
    --path              Full path of your WordPress installation.
    --plugins-path      Relative path of the plugin folder. It is optional.
                        Please specify if you don't use default plugin folder.
    --mu-plugins-path   Relative path of the mu plugin folder. It is optional.
                        Please specify if you don't use default mu plugin folder.
    --themes-path       Relative path of the theme folder. It is optional.
                        Please specify if you don't use default theme folder.
    --token             Token got from wpscan.com
    --exclude           Exclude the plugins given in comma separated format.
    --output            The format of output. Valid values JSON, READABLE, HTML,
                        NO (Default).
    --no-colors         Disable the console colors. It is enabled by default.
    --version           Show version.
    --help              Print this help.

A sample excution,

$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable

Checking WordPress version ...

.
------------------------------------------------------------
Vulnerability Details


Checking plugins...

.......

Checked 7 plugins in 2 second, no vulnerability found.

The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader.
PS: You can exclude your custom plugins with --exclude parameter.

Checking theme...

.

Checked 1 theme in 0.2 second, no vulnerability found.

The theme which is not in WPScan Vulnerability Database; simple-days.
PS: You can exclude your custom themes with --exclude parameter.

Issues

Bug reports and feature requests can be submitted on the Github Issue Tracker.

Contributing

See CONTRIBUTING.md for more information.

Code Of Conduct

See CODE_OF_CONDUCT for more information.

umutphp/wp-vulnerability-check 适用场景与选型建议

umutphp/wp-vulnerability-check 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.89k 次下载、GitHub Stars 达 41, 最近一次更新时间为 2019 年 01 月 18 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 umutphp/wp-vulnerability-check 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 umutphp/wp-vulnerability-check 我们能提供哪些服务?
定制开发 / 二次开发

基于 umutphp/wp-vulnerability-check 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2.89k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 41
  • 点击次数: 14
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 41
  • Watchers: 2
  • Forks: 9
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-3.0-only
  • 更新时间: 2019-01-18