steverobbins / magescan Goto Github PK
View Code? Open in Web Editor NEWScan a Magento site for information
Scan a Magento site for information
Since switching to guzzle some requests are timing out, even when only looking for headers. Check to make sure "file exists" checks are as efficient as possible, and not downloading the entire object when it's not needed.
Check for meta sitemap tag
Check that sitemap file exists
I m getting below error while installing it:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package satooshi/php-coveralls dev-master exists as satooshi/php-coveralls[0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 1.0.x-dev, 1.1.x-dev, 2.0.x-dev, v0.6.0, v0.6.1, v0.7.0, v0.7.1, v1.0.0, v1.0.1, v1.0.2, v1.1.0, v2.0.0] but these are rejected by your constraint.
Please let me know how to fix.
Thanks
Hi,
I'm trying to get magescan to run on OS X. I've tried both from source (latest git master) and using the magescan.phar
file.
My PHP version (installed with homebrew):
$ php -v
PHP 5.3.29 (cli) (built: May 3 2016 13:51:54)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2014 Zend Technologies
Error when running from source:
$ php bin/magescan
PHP Warning: require_once(/Users/ryan/Tools/magescan/src/../vendor/autoload.php): failed to open stream: No such file or directory in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
Warning: require_once(/Users/ryan/Tools/magescan/src/../vendor/autoload.php): failed to open stream: No such file or directory in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
PHP Fatal error: require_once(): Failed opening required '/Users/ryan/Tools/magescan/src/../vendor/autoload.php' (include_path='.:') in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
Fatal error: require_once(): Failed opening required '/Users/ryan/Tools/magescan/src/../vendor/autoload.php' (include_path='.:') in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
Ryans-MacBook-Pro:bin ryan$ php magescan scan:all www.example.com
PHP Warning: require_once(/Users/ryan/Tools/magescan/src/../vendor/autoload.php): failed to open stream: No such file or directory in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
Warning: require_once(/Users/ryan/Tools/magescan/src/../vendor/autoload.php): failed to open stream: No such file or directory in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
PHP Fatal error: require_once(): Failed opening required '/Users/ryan/Tools/magescan/src/../vendor/autoload.php' (include_path='.:') in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
Fatal error: require_once(): Failed opening required '/Users/ryan/Tools/magescan/src/../vendor/autoload.php' (include_path='.:') in /Users/ryan/Tools/magescan/src/bootstrap.php on line 15
^ for the above errors, I searched the magescan directory for the vendor
subdirectory but didn't find one. This file also doesn't exist magescan/src/bootstrap.php
.
Error when trying to run from magescan.phar
:
$ php magescan.phar scan:all www.example.com
PHP Parse error: syntax error, unexpected '[', expecting ')' in phar:///Users/ryan/Tools/magescan/magescan.phar/vendor/guzzlehttp/promises/src/functions.php on line 41
Parse error: syntax error, unexpected '[', expecting ')' in phar:///Users/ryan/Tools/magescan/magescan.phar/vendor/guzzlehttp/promises/src/functions.php on line 41
I was following the instructions from the README file on Github. Any help appreciated.
I've downloaded all magento versions and made a programmatic analysis of md5sum distribution of {js, skin, media} files among releases. This yielded:
{
"skin/adminhtml/default/default/boxes.css": {
"84b67457247969a206456565111c456b": "CE 1.1.4",
"d0511b190cdddf865cca7873917f9a69": "CE 1.1.1",
"a2c7f9ddda846ba76220d7bcbe85c985": "CE 1.2.1",
"1cbeca223c2e15dcaf500caa5d05b4ed": "CE 1.7.0.0"
},
"js/varien/product.js": {
"6af30941970891608b0be568896946db": "CE 1.2.0"
},
"js/mage/adminhtml/sales.js": {
"839ead52e82a2041f937389445b8db04": "CE 1.3.3.0",
"bdacf81a3cf7121d7a20eaa266a684ec": "CE 1.5.1.0",
"d80c40eeef3ca62eb4243443fe41705e": "CE 1.5.0.1",
"48d609bb2958b93d7254c13957b704c4": "CE 1.6.1.0",
"a86ad3ba7ab64bf9b3d7d2b9861d93dc": "CE 1.0",
"a0436f1eee62dded68e0ec860baeb699": "CE 1.9.1.0",
"26c8fd113b4e51aeffe200ce7880b67a": "CE 1.8.0.0",
"5656a8c1c646afaaf260a130fe405691": "CE 1.8.1.0",
"95e730c4316669f2df71031d5439df21": "CE 1.1.0",
"17da0470950e8dd4b30ccb787b1605f5": "CE 1.1.6",
"5112f328e291234a943684928ebd3d33": "CE 1.1.7",
"c8dd0fd8fa3faa9b9f0dd767b5a2c995": "CE 1.9.1.1",
"a4296235ba7ad200dd042fa5200c11b0": "CE 1.6.0.0",
"d1bfb9f8d4c83e4a6a826d2356a97fd7": "CE 1.3.1.1",
"4422dffc16da547c671b086938656397": "CE 1.4.2.0",
"0e400488c83e63110da75534f49f23f3": "CE 1.3.2.1"
},
"js/mage/adminhtml/product.js": {
"e887acfc2f7af09e04f8e99ac6f7180d": "CE 1.3.0"
},
"skin/frontend/rwd/default/css/styles.css": {
"bf6c8e2ba2fc5162dd5187b39626a3a0": "CE 1.9.0.1",
"8a874fcb6cdcb82947ee4dbbe1822f3e": "CE 1.9.0.0"
},
"js/prototype/validation.js": {
"295494d0966637bdd03e4ec17c2f338c": "CE 1.4.1.0",
"d3252becf15108532d21d45dced96d53": "CE 1.4.1.1"
},
"js/mage/adminhtml/tools.js": {
"ea81bcf8d9b8fcddb27fb9ec7f801172": "CE 1.3.2.2",
"86bbebe2745581cd8f613ceb5ef82269": "CE 1.7.0.1",
"d594237950932b9a3948288a020df1ba": "CE 1.3.2.4"
},
"js/lib/flex.js": {
"4040182326f3836f98acabfe1d507960": "CE 1.4.0.1",
"eb84fc6c93a9d27823dde31946be8767": "CE 1.4.0.0"
}
}
It's not perfect, as some (minor) versions don't have a unique file+hash combination under js/skin/media, but for the majority it works.
How would you feel about each check being moved to it's own command so you could run them individually if required. scan:modules
, scan:unreachable
etc. Obviously we'd still keep scan
, only it would become a meta command that proxies to all sub-commands, rather than containing all the logic itself.
Can you add Magento 2 support when it launches ( Q4 this year )?
Thanks!
Hello Steve,
We have found a plain text file in a few Magento 1 and 2 sites. It was a plain txt file in the root of the site called srobbins.txt and the contents were just this:
"Steve was here A"
I am thinking your scan might have been modified by bad guys. I assume they are scanning for vulnerable ways to upload a file to a site. do any of your scanners test for this?
Hi,
It couldn't get the magento details, but able to get from https://www.magereport.com
Magento Information
+-----------+---------+
| Parameter | Value |
+-----------+---------+
| Edition | Unknown |
| Version | Unknown
Installation via
mkdir -p ~/.n98-magerun/modules
git clone https://github.com/steverobbins/magescan ~/.n98-magerun/modules/magescan
also tried
git clone https://github.com/steverobbins/magescan magescan
cd magescan
curl -sS https://getcomposer.org/installer | php
php composer.phar install
Error Message
Stack trace:
#0 /home/kkrieger/.n98-magerun/modules/magescan/src/MageScan/Command/Scan/AbstractCommand.php(104): MageScan\Request->__construct('http://www.popu...', false)
#1 phar:///usr/local/bin/magerun/vendor/symfony/console/Command/Command.php(211): MageScan\Command\Scan\AbstractCommand->initialize(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#2 phar:///usr/local/bin/magerun/vendor/symfony/console/Application.php(853): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#3 phar:///usr/local/bin/magerun/vendor/symfony/console/Application.php(185): Symfony\Component\Console\Application->doRunCommand(Object(MageScan\Command\Scan\AllCommand), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Conso in /home/kkrieger/.n98-magerun/modules/magescan/src/MageScan/Request.php on line 78
php -v
php -v
PHP 7.2.19-0ubuntu0.19.04.2 (cli) (built: Aug 13 2019 11:45:23) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.19-0ubuntu0.19.04.2, Copyright (c) 1999-2018, by Zend Technologies
php -m
[PHP Modules]
calendar
Core
ctype
date
exif
fileinfo
filter
ftp
gettext
hash
iconv
json
libxml
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
Zend OPcache
zlib
[Zend Modules]
Zend OPcache
This is a problem with composer install/update:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package satooshi/php-coveralls dev-master exists as satooshi/php-coveralls[0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 1.0.x-dev, 1.1.x-dev, 2.0.x-dev, v0.6.0, v0.6.1, v0.7.0, v0.7.1, v1.0.0, v1.0.1, v1.0.2, v1.1.0, v2.0.0] but these are rejected by your constraint.
Greetings Jan
Thanks for creating this tool but the latest release doesn't have the .phar file available, which is so convenient! I tried self-updating from 1.12.7 but that failed - and appears to be a problem with current release too (reported separately). Thanks.
Hi Steve, thanks again for making this!
I'm no PHP programmer but ran into this error using phpunit
:
1) MageScan\Test\Command\ScanCommandTest::testExecute
"Symfony\Component\Console\Helper\TableHelper" is deprecated since version 2.5 and will be removed in 3.0. Use "Symfony\Component\Console\Helper\Table" instead.
/home/willem/git/magescan/vendor/symfony/console/Helper/HelperSet.php:86
/home/willem/git/magescan/vendor/symfony/console/Command/Command.php:636
/home/willem/git/magescan/src/MageScan/Command/ScanCommand.php:160
/home/willem/git/magescan/src/MageScan/Command/ScanCommand.php:129
/home/willem/git/magescan/vendor/symfony/console/Command/Command.php:259
/home/willem/git/magescan/vendor/symfony/console/Tester/CommandTester.php:80
/home/willem/git/magescan/test/MGA/Command/ScanCommandTest.php:34
Hi Steve, thanks for making this.
Using default PHP shipped with Ubuntu LTS 14.04:
$ mga scan myshop.nl
PHP Notice: Use of undefined constant CURLOPT_NOBODY - assumed 'CURLOPT_NOBODY' in phar:///home/willem/Dropbox/desktop/files/bin/mga/src/MGA/Command/ScanCommand.php on line 281
PHP Fatal error: Call to undefined function MGA\curl_init() in phar:///home/willem/Dropbox/desktop/files/bin/mga/src/MGA/Request.php on line 28
$ php -v
PHP 5.5.9-1ubuntu4.9 (cli) (built: Apr 17 2015 11:44:57)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
Works fine on PHP 5.4.26
Dear Team,
While "Unreachable Path Check" piece gives us lot of false positive... It will be a good enhancement if you can add Content Length of Received Bruteforced Paths...
| Path | Response Code | Status |
Please add another column of "Content-Length" of resulted Paths.. So one can determine the false positives easily.
Sincerely,
My Mac by default doesn't have any root certs available for PHP/curl. How would you feel about adding something like:
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
We could add an option to enable it if you prefer, but verifying the SSL doesn't seem massively important for a security scanning tool. Happy to make a pull request this evening, just wanted to check your thoughts.
Right now it's sending requests synchronously, which takes longer. We should make use of the curl_multi_*
functions.
Below are the issues that i am having. I have tried to reinstall php and a couple other things any help would be nice.
root@kali:~/Documents/Active/SwagShop/magescan# php composer.phar update
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- guzzle/guzzle v3.9.3 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.9.2 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.9.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.9.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.8.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.8.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.4 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.3 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.2 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.6.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.5.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.4.3 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.4.2 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.4.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.4.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.3.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.3.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.2.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.1.2 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.1.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.1.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.7 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.6 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.5 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.4 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.3 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.2 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.0.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v2.8.8 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v2.8.7 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v2.8.6 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v2.8.5 requires ext-curl * -> the requested PHP extension curl is missing from your system.
To enable extensions, verify that they are enabled in your .ini files:
- /etc/php/7.3/cli/php.ini
- /etc/php/7.3/cli/conf.d/10-mysqlnd.ini
- /etc/php/7.3/cli/conf.d/10-opcache.ini
- /etc/php/7.3/cli/conf.d/10-pdo.ini
- /etc/php/7.3/cli/conf.d/15-xml.ini
- /etc/php/7.3/cli/conf.d/20-calendar.ini
- /etc/php/7.3/cli/conf.d/20-ctype.ini
- /etc/php/7.3/cli/conf.d/20-dom.ini
- /etc/php/7.3/cli/conf.d/20-exif.ini
- /etc/php/7.3/cli/conf.d/20-fileinfo.ini
- /etc/php/7.3/cli/conf.d/20-ftp.ini
- /etc/php/7.3/cli/conf.d/20-gettext.ini
- /etc/php/7.3/cli/conf.d/20-iconv.ini
- /etc/php/7.3/cli/conf.d/20-json.ini
- /etc/php/7.3/cli/conf.d/20-mbstring.ini
- /etc/php/7.3/cli/conf.d/20-mysqli.ini
- /etc/php/7.3/cli/conf.d/20-pdo_mysql.ini
- /etc/php/7.3/cli/conf.d/20-phar.ini
- /etc/php/7.3/cli/conf.d/20-posix.ini
- /etc/php/7.3/cli/conf.d/20-readline.ini
- /etc/php/7.3/cli/conf.d/20-shmop.ini
- /etc/php/7.3/cli/conf.d/20-simplexml.ini
- /etc/php/7.3/cli/conf.d/20-sockets.ini
- /etc/php/7.3/cli/conf.d/20-sysvmsg.ini
- /etc/php/7.3/cli/conf.d/20-sysvsem.ini
- /etc/php/7.3/cli/conf.d/20-sysvshm.ini
- /etc/php/7.3/cli/conf.d/20-tokenizer.ini
- /etc/php/7.3/cli/conf.d/20-wddx.ini
- /etc/php/7.3/cli/conf.d/20-xmlreader.ini
- /etc/php/7.3/cli/conf.d/20-xmlwriter.ini
- /etc/php/7.3/cli/conf.d/20-xsl.ini
You can also run php --ini
inside terminal to see which files are used by PHP in CLI mode.
Hi, I just downloaded latest release Version v1.12.9 and tried with the following URL:
php magescan.phar scan:all http://192.168.1.10/magento
The scanner detects magento's version however, all the file checks fail. I examined network traffic and saw that the HEAD requests are missing the magento directory specified in the URL, hence all tests return a 404.
I could not find an option to overcome this problem.
n98 magescan:scan www.example.com
Scanning http://www.example.com/...
Magento Information
PHP Fatal error: Class 'Mvi\Check' not found in /Users/caseybecking/.n98-magerun/modules/magescan/src/MageScan/Check/Version/FileHash.php on line 42
Fatal error: Class 'Mvi\Check' not found in /Users/caseybecking/.n98-magerun/modules/magescan/src/MageScan/Check/Version/FileHash.php on line 42
I have executed bin/magescan scan:version 2020llc.com, But its hang. I have tried to change CURLOPT_CONNECTTIMEOUT from 150 to 10, No luck. If the site is not responding or slow, then I think it's come out from the command prompt, but it is not working.
Other website it is working such as
bin/magescan scan:version dinntrophy.com
Magento Information
+-----------+------------+
| Parameter | Value |
+-----------+------------+
| Edition | Enterprise |
| Version | 1.13.0.2 |
+-----------+------------+
parse data from catalog/seo_sitemap/product
Magerun command in README should be fixed:
magerun magescan:scan ✔ 561 13:55:48
[Symfony\Component\Console\Exception\CommandNotFoundException]
Command "magescan:scan" is not defined.
Did you mean one of these?
magescan:scan:unreachable
magescan:scan:catalog
magescan:scan:sitemap
magescan:scan:version
magescan:scan:module
magescan:scan:server
magescan:scan:patch
magescan:scan:all
Running with scan:patch
returns unknown for any Magento site tested. I've debugged and it appears that the call to magereport.com returns a 0 byte result.
Likely that something has changed at magereport.com's end.
i want need set proxy url like crawlera proxy in php
how can it possible in that ?
Show Magento version if possbile
Thanks for creating this tool. But the "self-update" command fails as magescan.steverobbins.com does not resolve to an IP address.
this will add Added hash for CE 1.9.3.0
also consider adding to magento-version-identification-php the md5 from https://github.com/gwillem/magento-version-identification/blob/master/md5sums/magento-EE-1.14.3.0
let me know i can create a pr for both projects.
D.
[GuzzleHttp\Exception\RequestException]
Error creating resource: [message] fopen(%20http://magentosite/sit
emap.xml_): failed to open stream: No such file or directory
[file] phar:///root/magescan.phar/vendor/guzzlehttp/guzzle/src/Handler/Stre
amHandler.php
[line] 312
[RuntimeException]
Error creating resource: [message] fopen(%20http://magentosite/sit
emap.xml_): failed to open stream: No such file or directory
[file] phar:///root/magescan.phar/vendor/guzzlehttp/guzzle/src/Handler/Stre
amHandler.php
[line] 312
Check skin/js files that exist which are known to be associated with a module.
Use an example.com or magento testing site.
Move the array of checks for modules, unreachable paths and even versions so that they live in a separate set of file(s) or database. This will allow easier update of known modules, paths and also provide the option to create a custom/additional list outside of the core.
Can you add a command line switch to output JSON format for automation?
Thanks!
With the package having a new name, might be an idea to add a replace section into the composer file in case anybody depended on your original package.
"replace": {
"steverobbins/magento-guest-audit": "*"
}
Due to the nature of your tool, might not be a big deal, but thought I'd mention it.
When I started this my only goal was to try and make a Symphony Console app with play with travis/phpunit. To keep this going I think some refactoring is needed. As part of that initiative I think it's best to separate out the commands.
The ScanCommand
class is growing more complex and will continue to grow with each new feature. Before long it won't be maintainable. I'm not certain on the design yet, but here is my proposal:
# list available checks
magescan list
# check magento version, etc
magescan version store.example.com
# run all checks
magescan all store.example.com
For the list
command to work, each command would need to be identified, perhaps the way n98-magerun does it with a config.yaml
. I guess this means I need to customize the Application
object as well.
It would also be nice to setup some sort of ~/.magescan/config.ext
to locally set things like HTTPS validation (#65).
In the long run I think this will make the app more sustainable, easier to develop, and will lead to better unit testing.
Hi @steverobbins This is more of a question rather than an issue.
I was wondering if there is a way of detecting what and how many stores & store views a site is using? Maybe even websites? I was looking on the frontend end for any reference to __store
in the html and also to see if there was a store cookie, sometimes I find them but often I do not. I wonder if there are any other clues.
It would be useful info to have when comparing your site architecture with competitors. Anyway great tool, thanks :)
It seems the built magescan.phar results are not in par with the results return from https://www.magescan.com
hp magescan.phar scan:version http://cheesecloth.ca/
+-----------+------------------+
| Edition | Community |
| Version | 1.7.0.1, 1.7.0.2 |
+-----------+------------------+
php magescan.phar scan:patch http://cheesecloth.ca/
+------------+---------+
| Name | Status |
+------------+---------+
| SUPEE-5344 | Unknown |
| SUPEE-5994 | Unknown |
| SUPEE-6285 | Unknown |
| SUPEE-6482 | Unknown |
| SUPEE-6788 | Unknown |
| SUPEE-7405 | Unknown |
| SUPEE-8788 | Unknown |
+------------+---------+
all the patch seems "applied" by https://magescan.com results.
This site contains an suspicious script that post data to "https://jquery-validation.org/js/jquery-2.2.2.min.js", which is offline at the moment.
Contrast to the above.
php magescan.phar scan:version yatooq.com
+-----------+-----------+
| Edition | Community |
| Version | 1.9.2.0 |
+-----------+-----------+
php magescan.phar scan:patch yatooq.com
+------------+---------+
| Name | Status |
+------------+---------+
| SUPEE-5344 | Unknown |
| SUPEE-5994 | Unknown |
| SUPEE-6285 | Unknown |
| SUPEE-6482 | Unknown |
| SUPEE-6788 | Unknown |
| SUPEE-7405 | Unknown |
| SUPEE-8788 | Unknown |
+------------+---------+
Again, https://www.magescan.com return know results.
Should I just treat "Unknown" patch status as "bad"?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.