Download the PHP package 10up/wpcli-vulnerability-scanner without Composer

On this page you can find all versions of the php package 10up/wpcli-vulnerability-scanner. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package wpcli-vulnerability-scanner

WP-CLI Vulnerability Scanner

Check WordPress core, installed plugins and themes for vulnerabilities.

Installation

Global command, automatically

The preferred way to install it is as a WP-CLI package from the git repo.

API Access

WP-CLI Vulnerability Scanner works with WPScan, Patchstack and Wordfence Intelligence to check reported vulnerabilities; you can choose any one of these three to use. You will need to add a constant in your wp-config.php to decide which API service you want to use (by default WPScan API will be used).

To use WPScan API:

To use Patchstack API:

To use Wordfence Intelligence API:

Note: Authentication is not required for the Wordfence Intelligence Vulnerability API ( https://www.wordfence.com/wti-community-edition-terms-and-conditions/ ). VULN_API_TOKEN is not required if using Wordfence as your provider.

For WPScan and Patchstack you will need to register for a user account and supply an API token from the chosen API service. Once you have acquired the token, you can add it as a constant in wp-config.php as follows:

Global command, manually

Clone this repo, check out the stable branch, and require wpcli-vulnerability-scanner.php from your WP-CLI config, e.g. in ~/.wp-cli/config.yml [other config locations]

Standard plugin

This repo can be installed as a regular plugin. There is no UI, but the command will become available.

After plugin installation, you can verify the command is in place with wp help vuln

Usage

Example output

Checking WordPress core, plugins and themes for reported vulnerabilities:

Using the JSON format:

Checking any given theme:

Using the JSON format:

Example usage

Basic

Will simply error out if there are no slugs returned by the plugin-status command. Can suppress the output by appending &> /dev/null

Scheduled/Cron

0 0 * * * is every day at midnight. For assistance creating an alternate schedule, check out http://crontab.guru/. For example, 0 0 * * 1,4 runs at midnight every Monday and Thursday.

With email notifications

Included is a sample bash script, includes/vuln.sh. This can be customized and used in a cron job so that you can be alerted when vulnerabilities are found.

This readme does not discuss configuring the mail command on your server. To run a simple test, try

Nagios

wp vuln plugin-status --nagios will give output for Nagios monitoring.
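
The cron, email and Nagios passages above can be combined into one wrapper that also alerts when the scan itself fails, so a broken run is never mistaken for a clean one. This is an added example, not the project's includes/vuln.sh; it assumes the Nagios-mode output starts with a standard plugin state word (OK, WARNING, CRITICAL, UNKNOWN), and WP_PATH and ALERT_TO are placeholders.

```shell
#!/bin/sh
# Added example: cron wrapper around `wp vuln plugin-status --nagios`.
# Assumption: the first word of the Nagios-mode output is the usual plugin
# state (OK, WARNING, CRITICAL, UNKNOWN). Anything else, including empty
# output from a failed run, is treated as UNKNOWN so it still raises an alert.

WP_PATH="${WP_PATH:-/var/www/html}"          # hypothetical install path
ALERT_TO="${ALERT_TO:-security@example.com}" # hypothetical recipient

# classify_scan OUTPUT EXIT_CODE -> prints OK | WARNING | CRITICAL | UNKNOWN
classify_scan() {
    first=$(printf '%s\n' "$1" | head -n 1)
    case "$first" in
        OK*)       state=OK ;;
        WARNING*)  state=WARNING ;;
        CRITICAL*) state=CRITICAL ;;
        *)         state=UNKNOWN ;;
    esac
    # An "OK" line with a non-zero exit code is contradictory: do not trust it.
    if [ "$state" = OK ] && [ "$2" -ne 0 ]; then
        state=UNKNOWN
    fi
    printf '%s\n' "$state"
}

# should_alert STATE -> succeeds when a mail should be sent
should_alert() { [ "$1" != OK ]; }

run_scan() {
    output=$(wp vuln plugin-status --nagios --path="$WP_PATH" 2>&1)
    code=$?
    state=$(classify_scan "$output" "$code")
    if should_alert "$state"; then
        printf '%s\n' "$output" |
            mail -s "[wp vuln] $state on $(hostname)" "$ALERT_TO"
    fi
    [ "$state" = OK ]   # non-zero exit lets cron or a monitor see the finding
}

# Run only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

Call the script with --run from the crontab entry; without that argument it only defines the functions.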

Check uninstalled themes and plugins

Check a specific version of a theme or plugin. Example:

Or check several at once (cannot accept versions)

Running Tests

Prerequisites:

Must have environment variables for VULN_API_PROVIDER and VULN_API_TOKEN

To run tests against WPScan API:

To run tests against Patchstack API:

To run tests against Wordfence Intelligence API, VULN_API_TOKEN is not required:

Install dependencies

Note: It is not uncommon for Composer to run out of memory; you may need to take steps to free up memory on your end.

Run tests

WPScan API

PatchStack API

Wordfence API

Support Level

Active: 10up is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress. Bug reports, feature requests, questions, and pull requests are welcome.

Changelog

A complete listing of all notable changes to WP-CLI Vulnerability Scanner is documented in CHANGELOG.md.

Contributing

Please read CODE_OF_CONDUCT.md for details on our code of conduct, CONTRIBUTING.md for details on the process for submitting pull requests to us, and CREDITS.md for a listing of maintainers of, contributors to, and libraries used by WP-CLI Vulnerability Scanner.



All versions of wpcli-vulnerability-scanner with dependencies

Requires php Version >=7.0
halaxa/json-machine Version ^1.1