umutphp/wp-vulnerability-check
Composer 安装命令:
composer require umutphp/wp-vulnerability-check
包简介
Check the WPScan Vulnerability Database via API to identify the security issues on plugins and WordPress installed.
README 文档
README
WordPress Vulnerability Check (wp-vulnerability-check) is a console application to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.
If you're using WordPress as part of your application and thrid-party WordPress plugins to implement your bussiness logic, you can run wp-vulnerability-check on a CI pipeline to check the vulnerabilities. You should get a token from wpscan.com in order to have access to the API.
Table Of Contents
How To Use
Requirements
wp-vulnerability-check requires PHP version 5.6.0 or greater.
Installation
It can be installed as a stand-alone tool or used as a test step on your CI pipeline.
composer require umutphp/wp-vulnerability-check
CLI Options
After succesfull installation, you can display the options as follows;
./wp-vulnerability-check --help
---------------------------
WP Vulnerability Check version 0.2.2
---------------------------
Usage: wp-vulnerability-check [options]
Options:
--config Full path for the YAML config file. A sample config
file is .wvc.yml.sample in root folder. CLI arguments
override the values in config file.
--path Full path of your WordPress installation.
--plugins-path Relative path of the plugin folder. It is optional.
Please specify if you don't use default plugin folder.
--mu-plugins-path Relative path of the mu plugin folder. It is optional.
Please specify if you don't use default mu plugin folder.
--themes-path Relative path of the theme folder. It is optional.
Please specify if you don't use default theme folder.
--token Token got from wpscan.com
--exclude Exclude the plugins given in comma separated format.
--output The format of output. Valid values JSON, READABLE, HTML,
NO (Default).
--no-colors Disable the console colors. It is enabled by default.
--version Show version.
--help Print this help.
A sample excution,
$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable Checking WordPress version ... . ------------------------------------------------------------ Vulnerability Details Checking plugins... ....... Checked 7 plugins in 2 second, no vulnerability found. The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader. PS: You can exclude your custom plugins with --exclude parameter. Checking theme... . Checked 1 theme in 0.2 second, no vulnerability found. The theme which is not in WPScan Vulnerability Database; simple-days. PS: You can exclude your custom themes with --exclude parameter.
Issues
Bug reports and feature requests can be submitted on the Github Issue Tracker.
Contributing
See CONTRIBUTING.md for more information.
Code Of Conduct
See CODE_OF_CONDUCT for more information.
umutphp/wp-vulnerability-check 适用场景与选型建议
umutphp/wp-vulnerability-check 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.89k 次下载、GitHub Stars 达 41, 最近一次更新时间为 2019 年 01 月 18 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 umutphp/wp-vulnerability-check 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 umutphp/wp-vulnerability-check 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 2.89k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 41
- 点击次数: 14
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: GPL-3.0-only
- 更新时间: 2019-01-18
