Version Description
Download this release
Release Info
| Developer | donncha |
| Plugin |  Exploit Scanner |
| Version | 0.6 |
| Comparing to | |
| See all releases | |
Code changes from version 0.5 to 0.6
- exploit-scanner.php +40 -8
- readme.txt +6 -7
exploit-scanner.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: WordPress Exploit Scanner
|
| 4 |
Plugin URI: http://ocaoimh.ie/exploit-scanner/
|
| 5 |
Description: Scans your WordPress site for possible exploits.
|
| 6 |
-
Version: 0.
|
| 7 |
Author: Donncha O Caoimh
|
| 8 |
Author URI: http://ocaoimh.ie/
|
| 9 |
*/
|
|
@@ -33,8 +33,16 @@ function exploit_admin_page() {
|
|
| 33 |
$scan_url = '?page=exploit-admin-page&scan=all';
|
| 34 |
$scan_action = 'exploitscanner-scan_all';
|
| 35 |
$scan_link = wp_nonce_url( $scan_url, $scan_action );
|
| 36 |
-
echo "<p style='text-align:center;'><a href='$scan_link' class='exploit-scan-button button-primary'>Run the Scan</a></p>";
|
| 37 |
?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 38 |
<div style='margin-top: 20px; text-align:center'>
|
| 39 |
<p>Or search the files on your site for a custom string:</p>
|
| 40 |
<form method="get">
|
|
@@ -61,11 +69,13 @@ function exploit_admin_page() {
|
|
| 61 |
<h5>For the paranoid...</h5>
|
| 62 |
<p>To prevent someone hiding malicious code inside this plugin and to check that the signatures file (hashes.txt) hasn't been changed, here are the MD5 hashes of these files. Compare them with the references on the plugin homepage. If they match, this file is ok. You'll get extra points if you check this file has the actual md5_file() calls.</p>
|
| 63 |
<p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
|
| 64 |
-
|
|
|
|
|
|
|
| 65 |
</div>
|
| 66 |
<?php }
|
| 67 |
|
| 68 |
-
function exploitscanner_scan( $directory, &$text, &$filehashes ) {
|
| 69 |
global $suspicious_files, $modified_core_files;
|
| 70 |
|
| 71 |
set_time_limit( 60 );
|
|
@@ -76,6 +86,15 @@ function exploitscanner_scan( $directory, &$text, &$filehashes ) {
|
|
| 76 |
if ($entry != '.' && $entry != '..') {
|
| 77 |
if( !is_dir( $entry ) ) {
|
| 78 |
$filename = str_replace( ABSPATH, '', $entry );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
$md5 = md5_file( $entry );
|
| 80 |
$contents = file_get_contents( $entry );
|
| 81 |
reset( $text );
|
|
@@ -92,7 +111,7 @@ function exploitscanner_scan( $directory, &$text, &$filehashes ) {
|
|
| 92 |
$modified_core_files[] = $entry;
|
| 93 |
}
|
| 94 |
} else {
|
| 95 |
-
exploitscanner_scan( $entry, $text, $filehashes );
|
| 96 |
}
|
| 97 |
}
|
| 98 |
}
|
|
@@ -102,8 +121,8 @@ function exploitscanner_scan( $directory, &$text, &$filehashes ) {
|
|
| 102 |
function exploitscanner_file_search( $suspicious_text = '' ) {
|
| 103 |
global $wp_version, $suspicious_files, $modified_core_files;
|
| 104 |
|
| 105 |
-
if ( (
|
| 106 |
-
@ini_set( 'memory_limit', '
|
| 107 |
|
| 108 |
if ( $suspicious_text == '' ) {
|
| 109 |
$suspicious_text = array(
|
|
@@ -130,7 +149,20 @@ function exploitscanner_file_search( $suspicious_text = '' ) {
|
|
| 130 |
$modified_core_files[] = 'The file containing the checksums of all the core WordPress files appears to be missing. Either you have upgraded WordPress and this plugin hasn\'t been updated with the new hashes or the file has been deleted/renamed. You will find that a lot more files have been returned in the Suspicious Strings section.';
|
| 131 |
}
|
| 132 |
|
| 133 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 134 |
echo '<h3>Modified Core Files</h3>';
|
| 135 |
if (!empty($modified_core_files)) {
|
| 136 |
echo '<ol>';
|
| 3 |
Plugin Name: WordPress Exploit Scanner
|
| 4 |
Plugin URI: http://ocaoimh.ie/exploit-scanner/
|
| 5 |
Description: Scans your WordPress site for possible exploits.
|
| 6 |
+
Version: 0.6
|
| 7 |
Author: Donncha O Caoimh
|
| 8 |
Author URI: http://ocaoimh.ie/
|
| 9 |
*/
|
| 33 |
$scan_url = '?page=exploit-admin-page&scan=all';
|
| 34 |
$scan_action = 'exploitscanner-scan_all';
|
| 35 |
$scan_link = wp_nonce_url( $scan_url, $scan_action );
|
|
|
|
| 36 |
?>
|
| 37 |
+
<form action='?page=exploit-admin-page&scan=all' method='POST'>
|
| 38 |
+
<table>
|
| 39 |
+
<tr><td>PHP Memory Limit:</td><td> <input type='text' size='3' name='memory_limit' value='128' />MB (Max memory used by PHP.)</td></tr>
|
| 40 |
+
<tr><td>Upper File size Limit:</td><td> <input type='text' size='3' name='filesize_limit' value='400' />KB (Skip files larger than this. Skipped files are listed at the end of scan.)</td></tr>
|
| 41 |
+
</table>
|
| 42 |
+
<?php wp_nonce_field( 'exploitscanner-scan_all' ); ?>
|
| 43 |
+
<input type='submit' value='Run the Scan' />
|
| 44 |
+
</form>
|
| 45 |
+
<p>If you run into memory problems, increase the PHP memory limit or reduce the file size limit.</p>
|
| 46 |
<div style='margin-top: 20px; text-align:center'>
|
| 47 |
<p>Or search the files on your site for a custom string:</p>
|
| 48 |
<form method="get">
|
| 69 |
<h5>For the paranoid...</h5>
|
| 70 |
<p>To prevent someone hiding malicious code inside this plugin and to check that the signatures file (hashes.txt) hasn't been changed, here are the MD5 hashes of these files. Compare them with the references on the plugin homepage. If they match, this file is ok. You'll get extra points if you check this file has the actual md5_file() calls.</p>
|
| 71 |
<p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
|
| 72 |
+
<?php if ( file_exists( dirname( __FILE__ ) . '/hashes-' . $wp_version . '.php' ) ) { ?>
|
| 73 |
+
<p style="text-align: center">MD5 of hashes-<?php echo $wp_version; ?>.php: <code><?php echo md5_file( dirname( __FILE__ ) . '/hashes-' . $wp_version . '.php' ); ?></code></p>
|
| 74 |
+
<?php } ?>
|
| 75 |
</div>
|
| 76 |
<?php }
|
| 77 |
|
| 78 |
+
function exploitscanner_scan( $directory, &$text, &$filehashes, &$skipped_files ) {
|
| 79 |
global $suspicious_files, $modified_core_files;
|
| 80 |
|
| 81 |
set_time_limit( 60 );
|
| 86 |
if ($entry != '.' && $entry != '..') {
|
| 87 |
if( !is_dir( $entry ) ) {
|
| 88 |
$filename = str_replace( ABSPATH, '', $entry );
|
| 89 |
+
if ( filesize( $entry ) > ( (int)$_POST[ 'filesize_limit' ] * 1024 ) ) {
|
| 90 |
+
if ( isset( $filehashes[$filename] ) ) {
|
| 91 |
+
$skipped_files[] = "$entry (core)";
|
| 92 |
+
} else {
|
| 93 |
+
$skipped_files[] = $entry;
|
| 94 |
+
}
|
| 95 |
+
continue;
|
| 96 |
+
}
|
| 97 |
+
|
| 98 |
$md5 = md5_file( $entry );
|
| 99 |
$contents = file_get_contents( $entry );
|
| 100 |
reset( $text );
|
| 111 |
$modified_core_files[] = $entry;
|
| 112 |
}
|
| 113 |
} else {
|
| 114 |
+
exploitscanner_scan( $entry, $text, $filehashes, $skipped_files );
|
| 115 |
}
|
| 116 |
}
|
| 117 |
}
|
| 121 |
function exploitscanner_file_search( $suspicious_text = '' ) {
|
| 122 |
global $wp_version, $suspicious_files, $modified_core_files;
|
| 123 |
|
| 124 |
+
if ( isset( $_POST[ 'memory_limit' ] ) )
|
| 125 |
+
@ini_set( 'memory_limit', (int)$_POST[ 'memory_limit' ] . 'M' ); // increase the memory limit if possible, to avoid out of memory errors
|
| 126 |
|
| 127 |
if ( $suspicious_text == '' ) {
|
| 128 |
$suspicious_text = array(
|
| 149 |
$modified_core_files[] = 'The file containing the checksums of all the core WordPress files appears to be missing. Either you have upgraded WordPress and this plugin hasn\'t been updated with the new hashes or the file has been deleted/renamed. You will find that a lot more files have been returned in the Suspicious Strings section.';
|
| 150 |
}
|
| 151 |
|
| 152 |
+
$skipped_files = array();
|
| 153 |
+
exploitscanner_scan( ABSPATH, array_keys( $suspicious_text ), $filehashes, $skipped_files );
|
| 154 |
+
echo '<h3>Skipped Files</h3>';
|
| 155 |
+
if (!empty($skipped_files)) {
|
| 156 |
+
echo count( $skipped_files ) . " files were skipped:";
|
| 157 |
+
echo '<ol>';
|
| 158 |
+
foreach ($skipped_files as $file) {
|
| 159 |
+
echo "<li>$file</li>";
|
| 160 |
+
}
|
| 161 |
+
echo '</ol>';
|
| 162 |
+
} else {
|
| 163 |
+
echo 'Hooray! None of your core WordPress files have been modified.';
|
| 164 |
+
}
|
| 165 |
+
|
| 166 |
echo '<h3>Modified Core Files</h3>';
|
| 167 |
if (!empty($modified_core_files)) {
|
| 168 |
echo '<ol>';
|
readme.txt
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
Contributors: donncha, duck_, ryan, azaozz
|
| 3 |
Tags: hacking, spam, hack, crack, exploit, vulnerability
|
| 4 |
Tested up to: 2.8.5
|
| 5 |
-
Stable tag: 0.
|
| 6 |
Requires at least: 2.7.1
|
| 7 |
Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
|
| 8 |
|
|
@@ -26,16 +26,15 @@ See the [WordPress Exploit Scanner homepage](http://ocaoimh.ie/exploit-scanner/)
|
|
| 26 |
1. Download and unzip the plugin.
|
| 27 |
2. Copy the exploit-scanner directory into your plugins folder.
|
| 28 |
3. Visit your Plugins page and activate the plugin.
|
| 29 |
-
4. A new menu item called "Exploit Scanner" will be made
|
| 30 |
|
| 31 |
== Frequently Asked Questions ==
|
| 32 |
|
| 33 |
= How do I fix the out of memory error? =
|
| 34 |
|
| 35 |
-
Scanning your website can take quite a bit of memory. The plugin tries to allocate 128MB but sometimes that's not enough. You can
|
| 36 |
-
|
| 37 |
-
`define( 'WP_MEMORY_LIMIT', '256M' );`
|
| 38 |
-
|
| 39 |
|
| 40 |
== Updates ==
|
| 41 |
-
Updates to the plugin will be posted here, to [Holy Shmoly!](http://ocaoimh.ie/) and the [WordPress Exploit Scanner](http://ocaoimh.ie/exploit-scanner/) will always link to the newest version.
|
|
|
|
|
|
| 2 |
Contributors: donncha, duck_, ryan, azaozz
|
| 3 |
Tags: hacking, spam, hack, crack, exploit, vulnerability
|
| 4 |
Tested up to: 2.8.5
|
| 5 |
+
Stable tag: 0.6
|
| 6 |
Requires at least: 2.7.1
|
| 7 |
Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
|
| 8 |
|
| 26 |
1. Download and unzip the plugin.
|
| 27 |
2. Copy the exploit-scanner directory into your plugins folder.
|
| 28 |
3. Visit your Plugins page and activate the plugin.
|
| 29 |
+
4. A new menu item called "Exploit Scanner" will be made under the Dashboard tab.
|
| 30 |
|
| 31 |
== Frequently Asked Questions ==
|
| 32 |
|
| 33 |
= How do I fix the out of memory error? =
|
| 34 |
|
| 35 |
+
Scanning your website can take quite a bit of memory. The plugin tries to allocate 128MB but sometimes that's not enough. You can modify the amount of memory PHP has access to from within the plugin admin page. You can also limit the max size of scanned files. Reduce this number to skip more files but be aware that it may miss hacked files. Any skipped files are listed after scanning. Memory is also used if you have deep directories because of the way the scanner works. It will help if you clean out any cache directories (wp-content/cache/ for example) before scanning.
|
|
|
|
|
|
|
|
|
|
| 36 |
|
| 37 |
== Updates ==
|
| 38 |
+
Updates to the plugin will be posted here, to [Holy Shmoly!](http://ocaoimh.ie/) and the [WordPress Exploit Scanner](http://ocaoimh.ie/exploit-scanner/) page will always link to the newest version.
|
| 39 |
+
|
| 40 |
+
If you use The Japanese version of WordPress, you can use [these hash files](http://wpbiz.jp/files/exploit-scanner-hashes/ja/) instead. Thanks Naoko for telling me about that!
|
