How to run from the CLI, if web run fails

  • Texiwill

    (@texiwill)


    9 years ago

    Sometimes the web run fails. Currently, mine fails when using SSL and a few other things. So I created a way to run exploit scanner from the command line using the following code. I got no errors but a proper scan. The issue then is most likely the feed back via Javascript that happens not the actual exploit scanner. I named this ‘exploitscan.php’ and put it in my utility directory of other useful tools.

    <?php
$_SERVER['SERVER_NAME'] = "your.serverurl.com";
include("/usr/share/wordpress/wp-load.php");
error_reporting(E_ERROR|E_PARSE);

        $fsl = 400;
        $dis = 1;
        set_time_limit(0);
        $scanner = new File_Exploit_Scanner( ABSPATH, array( 'start' => 0, 'fsl' => $fsl, 'display_pattern' => $dis ) );

        # need to see how far we get
        try {
                $scanner->run();
        } catch(Exception $e) {
                echo 'Scan: Caught exception: ', $e->getMessage(), "\n";
        }

        $scanner = new DB_Exploit_Scanner();
        try {
                $scanner->run();
        } catch(Exception $e) {
                echo 'DBScan: Caught exception: ', $e->getMessage(), "\n";
        }
        exploitscanner_results_page();
?>

    happy hunting for those exploits. Unlike WPscan,Securi, and Wordfence, Exploit Scanner looks at ALL of the files not just those for the various plugins. It can detect issues within newly created files as well.

    — Edward

    https://www.ads-software.com/plugins/exploit-scanner/

  • The topic ‘How to run from the CLI, if web run fails’ is closed to new replies.

Tags