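#!/bin/bash
#
# mage-scanner.sh - heuristic scan of a Magento 1 CE install for tampered or
# suspicious PHP files.
#
# Run from the Magento document root (the directory containing app/Mage.php).
#
# Steps:
#   1. Read the installed version via Mage::getVersion().
#   2. Download a clean copy of that CE release into a scratch directory
#      (using sys.sonassi.com's mage-install.sh) so that nothing downloaded
#      by this script is left behind in the web root.
#   3. Rename includes/config.php so the Magento compiler is disabled.
#      This is a PERSISTENT change to the store; it is not reverted.
#   4. Grep app/ and lib/ for function names commonly used by PHP backdoors
#      (eval, chr/ord, gzdeflate/gzinflate, base64_*, strrev, plus the
#      reversed spellings of those names) and, for every file that matches:
#        - report MISSING FROM CORE if the clean release has no such file
#          (custom module/theme, or a dropped-in shell), or
#        - report MODIFIED CORE FILE if it differs from the clean copy
#          (whitespace-only differences are ignored by diff -bB).
#
# Limitation: a file that contains none of the grepped tokens is never
# examined, so a clean report is not proof of a clean install.
#
# Environment:
#   MAGE_INSTALL_URL     override where mage-install.sh is fetched from
#                        (default: http://sys.sonassi.com/mage-install.sh)
#   MAGE_INSTALL_SHA256  if set, the downloaded installer must match this
#                        SHA-256 digest before it is executed
#
# Exit status: 0 when the scan completed (findings are printed, not signalled
# via the exit code); 1 on any error.

set -euo pipefail

readonly MAGE_INSTALL_URL="${MAGE_INSTALL_URL:-http://sys.sonassi.com/mage-install.sh}"
readonly MAGE_INSTALL_SHA256="${MAGE_INSTALL_SHA256:-}"

# Scratch directory for the clean source tree; removed by the EXIT trap.
# Deliberately not `local`: the trap fires after main() has returned.
WORK_DIR=

#######################################
# Print an error to stderr and exit 1.
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Accept only dotted numeric versions (e.g. 1.9.4.5). The version string comes
# from executing code inside the install under review, so it must not reach
# the path and argument logic below unvalidated.
# Arguments: $1 - version string
# Returns:   0 if well-formed, 1 otherwise
#######################################
valid_version() {
  [[ "$1" =~ ^[0-9]+(\.[0-9]+){1,3}$ ]]
}

#######################################
# Download mage-install.sh and use it to unpack a clean Magento CE tree.
# Arguments: $1 - validated Magento version
#            $2 - scratch directory (must exist)
# Outputs:   $2/magento-ce-$1/ on success
# Returns:   exits via die() on any failure
#######################################
fetch_clean_core() {
  local version=$1 work=$2
  local installer="$work/mage-install.sh"

  # SECURITY: this fetches a script from a remote host and executes it. The
  # default URL is plain HTTP, so the download is unauthenticated and a
  # network attacker could substitute it. Set MAGE_INSTALL_SHA256, or point
  # MAGE_INSTALL_URL at an https:// or local mirror you control, before
  # running this on a host you already suspect is compromised.
  wget -q -O "$installer" "$MAGE_INSTALL_URL" \
    || die "could not download $MAGE_INSTALL_URL"
  if [[ -n "$MAGE_INSTALL_SHA256" ]]; then
    printf '%s  %s\n' "$MAGE_INSTALL_SHA256" "$installer" \
      | sha256sum -c --quiet - \
      || die "downloaded mage-install.sh does not match MAGE_INSTALL_SHA256"
  fi

  # The installer leaves latest-magento.tar.gz in the working directory, so
  # run it (and the extraction) inside the scratch directory rather than the
  # live document root.
  (
    cd "$work" \
      && bash mage-install.sh -d -r "$version" \
      && tar zxf latest-magento.tar.gz
  ) || die "could not obtain a clean Magento $version source tree"
  [[ -d "$work/magento-ce-$version" ]] \
    || die "clean tree magento-ce-$version not found after extraction"
}

#######################################
# Entry point: see the header comment for the overall flow.
#######################################
main() {
  local tool
  for tool in php wget tar rev grep diff; do
    command -v "$tool" >/dev/null 2>&1 || die "required tool '$tool' not found"
  done

  [[ -f app/Mage.php ]] \
    || die "This does not appear to be a Magento installation"

  # NOTE: this runs app/Mage.php with the current user's privileges. On a
  # compromised install that file may itself have been tampered with; prefer
  # running the scanner as an unprivileged user or against an offline copy.
  local version
  version=$(php -r "require 'app/Mage.php'; echo Mage::getVersion();") \
    || die "could not determine the Magento version"
  valid_version "$version" \
    || die "unexpected version string from Mage::getVersion(): '$version'"

  WORK_DIR=$(mktemp -d) || die "could not create a scratch directory"
  trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

  fetch_clean_core "$version" "$WORK_DIR"
  local clean="$WORK_DIR/magento-ce-$version"

  # Disable the compiler so PHP serves app/ and lib/ rather than includes/src/.
  # Persistent: the rename is not undone when the scan ends.
  if [[ -f includes/config.php ]]; then
    mv includes/config.php includes/config.disabled.php
    printf 'Note: compiler disabled (includes/config.php -> includes/config.disabled.php)\n' >&2
  fi

  # Function names commonly used to obfuscate or stage a PHP backdoor, and the
  # same list reversed (to catch strrev()-style hiding). `\b` stops
  # getPassword( / getRecord( from matching "ord("; [[:space:]] allows a tab
  # between the name and the paren (the original [\t\n\r ] class matched the
  # literal characters backslash, t, n and r instead).
  local tokens='eval|ord|chr|gzdeflate|gzinflate|base64_encode|base64_decode'
  local tokens_rev pattern
  tokens_rev=$(rev <<<"$tokens")
  printf -v pattern '\\b(%s|%s|strrev)[[:space:]]*\\(' "$tokens" "$tokens_rev"

  local -a scan_paths=(app lib)
  local -a missing=() modified=()
  local file
  # -Z / read -d '' keep filenames with spaces, backslashes or newlines intact.
  while IFS= read -r -d '' file; do
    if [[ ! -f "$clean/$file" ]]; then
      missing+=("$file")
    elif ! diff --brief -bB -- "$file" "$clean/$file" >/dev/null 2>&1; then
      modified+=("$file")
    fi
  done < <(grep -lirZE -- "$pattern" "${scan_paths[@]}")

  if (( ${#missing[@]} > 0 )); then
    cat <<'EOF'
###########################
#    MISSING FROM CORE    #
###########################
The following files are not present in the Magento core, they could
form part of your custom theme or modules. However, there is no clean
version to compare these files to, so manual verification is recommended
EOF
    printf ' %s\n' "${missing[@]}"
  fi

  if (( ${#modified[@]} > 0 )); then
    cat <<'EOF'
#############################
#    MODIFIED CORE FILES    #
#############################
The following core files have been modified. These edits could be from
part of your regular store development (although editing the core is
not a recommended practice), or they could be compromised files.
EOF
    printf ' %s\n' "${modified[@]}"
  fi
}

main "$@"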