Skip to main content

WordPress malware scanner with headless and Textual TUI modes

Project description

wp-scanner

By Kim Schulz kim@schulz.dk

wp-scanner is a WordPress malware scanner focused on finding backdoors, crypto miners, suspicious loaders, and obfuscated payloads in WordPress file trees.

Warning

Use this tool carefully. Quarantine/delete actions can change or remove files. Always take a backup before remediation.

Features

  • Signature-based malware detection (100+ built-in signatures)
  • Heuristic detection for suspicious WordPress patterns
  • Optional WordPress core verification to skip unchanged official core files
  • Interactive Textual TUI with sortable findings, details modal with source view, filtering, export, and remediation actions
  • Headless mode with JSON/HTML report output
  • Audit logging for remediation actions
  • Restore support from quarantine via audit log

Installation

pip

Install from the current directory:

pip install .

Install with TUI dependencies:

pip install 'wp-scanner[tui]'

For local editable/testing installs from this repository, use:

pip install '.[tui]'

pipx

Install as an isolated CLI app:

pipx install .

Install with TUI dependencies:

pipx install 'wp-scanner[tui]'

For local installs from this repository, use:

pipx install --pip-args='.[tui]' .

If you run without TUI dependencies, the scanner falls back to headless mode automatically.

Quick Start

Run TUI scan:

wp-scanner /path/to/wordpress

Run headless scan:

wp-scanner /path/to/wordpress --no-tui

Common Usage

Headless scan with reports:

wp-scanner /path/to/wordpress --no-tui --report-json ./ --report-html ./

Use custom signatures:

wp-scanner /path/to/wordpress --no-tui --signatures ./custom-signatures.json

Verify against official WordPress core and skip unchanged core files:

wp-scanner /path/to/wordpress --verify-core

Offline core verification (cached core only):

wp-scanner /path/to/wordpress --verify-core --verify-core-offline

Remediation (Headless)

Quarantine infected files:

wp-scanner /path/to/wordpress --no-tui --quarantine --quarantine-dir ./quarantine --yes

Delete infected files:

wp-scanner /path/to/wordpress --no-tui --delete --yes

Restore from quarantine using audit log:

wp-scanner /path/to/wordpress --no-tui --restore --audit-log ./wp-scan-remediation-audit.jsonl --yes

TUI Controls

Main controls:

  • q: quit
  • p: pause/resume scan
  • r: stop/restart scan
  • j / k or arrows: move selection
  • d or enter: open details modal
  • s: toggle sort
  • e: export findings
  • space: select/unselect current finding
  • a: select/unselect all visible findings
  • x: quarantine selected
  • delete: delete selected
  • u: open restore modal

Notes

  • Findings can include false positives. Review critical/high findings first.
  • Core verification and remediation audit logging are intended to reduce unnecessary scanning and improve operational safety.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wp_scanner-1.0.1.tar.gz (37.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wp_scanner-1.0.1-py3-none-any.whl (33.1 kB view details)

Uploaded Python 3

File details

Details for the file wp_scanner-1.0.1.tar.gz.

File metadata

  • Download URL: wp_scanner-1.0.1.tar.gz
  • Upload date:
  • Size: 37.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for wp_scanner-1.0.1.tar.gz
Algorithm Hash digest
SHA256 ebbbf2779c90c0caa037d49b4c39f95985a69c46a7aa23a0af4e055ed6f33fc0
MD5 ba50cfd23cdf7067957143e58e16bbb8
BLAKE2b-256 350e07671f8e00c190093f7e43d924c72cb613ebd5e1ba167e056e1f20c39656

See more details on using hashes here.

File details

Details for the file wp_scanner-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: wp_scanner-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 33.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for wp_scanner-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 64970f0945b1611a674da20d98c46a5270b00e345c5d80efd62cfdcdee322588
MD5 6d5ff3f14b34e828d00a21368f44094d
BLAKE2b-256 d62f8351e9ba5a1c7c695c311ddf4c08afce6b7c4de1334509a68dcba8bcabb0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page