

How to check vulnerable script on a website




Posted by aniga17, 11-14-2014, 07:08 AM
Hi friends, how to check for vulnerable scripts (to any kind of attack) in a website like WordPress, Joomla, Drupal without logging in to the client's website? Hope to help

Posted by Andei, 11-14-2014, 07:10 AM
There are several websites claiming they can scan your website, such as this one: https://www.scanmyserver.com/ But truly you'll never be 100% sure about how safe their code is unless you do an internal audit, which means logging into the client's account.

Posted by aniga17, 11-14-2014, 07:14 AM
Yes, that is true, nobody knows how safe their code is. When I say checking, I mean scanning the whole website for vulnerable scripts, like the site is out of date.

Posted by Andei, 11-14-2014, 07:19 AM
Ah, what you need is a scan from within. You could take a look at SiteLock; they offer daily FTP scans (among other scans), which means their software will log in to your website's FTP and scan the source code of the files, but it's a paid service.

Posted by aniga17, 11-14-2014, 07:22 AM
OK, thank you, but is there any Linux tool that can do that job? Like LMD.

Posted by madaboutlinux, 11-14-2014, 07:50 AM
The anti-virus available for Linux isn't as good as what we have for Windows, and the results are substandard as far as my experience is concerned. You may try clamscan or maldet if you wish.

Posted by Srv24x7, 11-15-2014, 02:14 AM
Hi, you can try the Sucuri online scanner to check the site, and they will also advise if the CMS is outdated or not. In addition, you can try the Nessus vulnerability scanner on the site to check for vulnerabilities.

Posted by aniga17, 11-15-2014, 06:47 AM
Maldet is a scanner for malware and suspicious files, and clamscan is for server mail, but I need a different tool for finding vulnerabilities in websites.

Posted by aniga17, 11-15-2014, 06:50 AM
200 sites is not easy for Sucuri. What I want is to scan whole domains and then get info from each one.

Posted by TheSHosting, 11-15-2014, 06:51 AM
Scan the site using http://sitecheck.sucuri.net/ OR http://www.unmaskparasites.com/

Posted by aniga17, 11-15-2014, 07:39 AM
Thank you, but that is not what I am looking for.

Posted by grapenut, 11-15-2014, 11:02 AM
A bit confused as to what you are looking for. You want to scan for malicious stuff but without access to the site? You will be severely limited in what you can find if you are not able to log in and review the content. Sure, you can try to use some popular dorks for the specific URL to see if you can find any shells or other known malicious scripts, but that isn't very reliable. If you are just looking for vulnerabilities, then as mentioned by a previous poster, something like Nessus or OpenVAS could be helpful. If you are just looking for WordPress or Joomla in certain, the following are going to assist you: http://wpscan.org/ https://www.owasp.org/index.php/Cate...canner_Project

Posted by aniga17, 11-19-2014, 01:56 AM
What a nice shot, grapenut, thank you. I was looking for wpscan. Thank you again.

Posted by papi, 11-20-2014, 06:19 PM
Google "oldscriptfinder"... it's a low-cost script that you run from the shell. It scans /home and shows you all the scripts that are installed, which version, and what the latest available version of that script is. It can even do things like notify account owners (via their cPanel contact email, for example) that they have an outdated script, asking them to update (the email templates are configurable, iirc), but yeah, its basic scan function would do what you want.
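
Added example, not part of the thread and not the code of the tool named above: a small shell sketch of the "scan /home from within and report installed versions" idea, limited to WordPress and Drupal 7, whose version markers (`wp-includes/version.php`, `includes/bootstrap.inc`) are read directly. The function names and the operator-supplied minimum versions are assumptions of this example; it is run as `sh script.sh ROOT WP_MIN DRUPAL7_MIN` by a user who can read the accounts' files.

```shell
#!/bin/sh
# Added example: offline inventory of CMS installs under a hosting root.
TAB=$(printf '\t')

# usage: scan_marker ROOT CMS MARKER_RELPATH SED_PROGRAM
# Prints "cms<TAB>version<TAB>install dir" for every marker file found.
scan_marker() {
    find "$1" -type f -path "*/$3" 2>/dev/null |
    while IFS= read -r f; do
        v=$(sed -n "$4" "$f" | head -n 1)
        if [ -n "$v" ]; then printf '%s\t%s\t%s\n' "$2" "$v" "${f%/$3}"; fi
    done
}

# usage: cms_inventory [ROOT]   (ROOT defaults to /home)
cms_inventory() {
    root=${1:-/home}
    # WordPress: wp-includes/version.php contains  $wp_version = 'X.Y.Z';
    scan_marker "$root" wordpress wp-includes/version.php \
        "s/^[$]wp_version *= *'\([^']*\)'.*/\1/p"
    # Drupal 7: includes/bootstrap.inc contains  define('VERSION', 'X.Y');
    scan_marker "$root" drupal7 includes/bootstrap.inc \
        "s/^define('VERSION', *'\([^']*\)').*/\1/p"
}

# usage: version_lt A B   -> exit 0 when dotted numeric version A < B
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# usage: cms_outdated ROOT WP_MIN DRUPAL7_MIN
# Minimum versions come from the operator; nothing is fetched online.
cms_outdated() {
    cms_inventory "$1" | while IFS="$TAB" read -r cms ver dir; do
        case $cms in wordpress) min=$2 ;; drupal7) min=$3 ;; esac
        if version_lt "$ver" "$min"; then
            printf '%s\t%s\t%s\tbelow %s\n' "$cms" "$ver" "$dir" "$min"
        fi
    done
}

if [ "$#" -eq 3 ]; then cms_outdated "$@"; fi
```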

Posted by aniga17, 11-21-2014, 12:11 PM
Papi, thank you.

Posted by samk2824, 11-22-2014, 01:21 PM
Please Be Clear What Are You Looking For.... If You Want To Hide Your Site Code Then Block Spiders Of Some Sites Which Do This Job....


