Skip to main content

WordPress malware scanner with headless and Textual TUI modes

Project description

wp-scanner

By Kim Schulz kim@schulz.dk

wp-scanner is a WordPress malware scanner focused on finding backdoors, crypto miners, suspicious loaders, and obfuscated payloads in WordPress file trees.

Warning

Use this tool carefully. Quarantine/delete actions can change or remove files. Always take a backup before remediation.

Features

  • Signature-based malware detection (100+ built-in signatures)
  • Heuristic detection for suspicious WordPress patterns
  • Optional WordPress core verification to skip unchanged official core files
  • Interactive Textual TUI with sortable findings, details modal with source view, filtering, export, and remediation actions
  • Headless mode with JSON/HTML report output
  • Audit logging for remediation actions
  • Restore support from quarantine via audit log

Installation

pip

Install from the current directory:

pip install .

Install with TUI dependencies:

pip install 'wp-scanner[tui]'

For local editable/testing installs from this repository, use:

pip install '.[tui]'

pipx

Install as an isolated CLI app:

pipx install .

Install with TUI dependencies:

pipx install 'wp-scanner[tui]'

For local installs from this repository, use:

pipx install --pip-args='.[tui]' .

If you run without TUI dependencies, the scanner falls back to headless mode automatically.

Quick Start

Run TUI scan:

wp-scanner /path/to/wordpress

Run headless scan:

wp-scanner /path/to/wordpress --no-tui

Common Usage

Headless scan with reports:

wp-scanner /path/to/wordpress --no-tui --report-json ./ --report-html ./

Use custom signatures:

wp-scanner /path/to/wordpress --no-tui --signatures ./custom-signatures.json

Verify against official WordPress core and skip unchanged core files:

wp-scanner /path/to/wordpress --verify-core

Offline core verification (cached core only):

wp-scanner /path/to/wordpress --verify-core --verify-core-offline

Remediation (Headless)

Quarantine infected files:

wp-scanner /path/to/wordpress --no-tui --quarantine --quarantine-dir ./quarantine --yes

Delete infected files:

wp-scanner /path/to/wordpress --no-tui --delete --yes

Restore from quarantine using audit log:

wp-scanner /path/to/wordpress --no-tui --restore --audit-log ./wp-scan-remediation-audit.jsonl --yes

TUI Controls

Main controls:

  • q: quit
  • p: pause/resume scan
  • r: stop/restart scan
  • j / k or arrows: move selection
  • d or enter: open details modal
  • s: toggle sort
  • e: export findings
  • space: select/unselect current finding
  • a: select/unselect all visible findings
  • x: quarantine selected
  • delete: delete selected
  • u: open restore modal

Notes

  • Findings can include false positives. Review critical/high findings first.
  • Core verification and remediation audit logging are intended to reduce unnecessary scanning and improve operational safety.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wp_scanner-1.0.2.tar.gz (37.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wp_scanner-1.0.2-py3-none-any.whl (33.2 kB view details)

Uploaded Python 3

File details

Details for the file wp_scanner-1.0.2.tar.gz.

File metadata

  • Download URL: wp_scanner-1.0.2.tar.gz
  • Upload date:
  • Size: 37.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for wp_scanner-1.0.2.tar.gz
Algorithm Hash digest
SHA256 5e25cf15b652ef5d7d1db134b29266a1ae038d4d44e0f4179f416266aaa5f398
MD5 3cd7cb46f2efa7c8b8bf151c852037c9
BLAKE2b-256 aa0ecb1a30d9b9f1c1898339d3db5039316aaf3c53f7ed8716ed64f38f2c774b

See more details on using hashes here.

File details

Details for the file wp_scanner-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: wp_scanner-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 33.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for wp_scanner-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0007fce0f938bedc73d5eae0bf7d14bc3092045d38d9b94db824140329ed1197
MD5 74983d6fe4d04d538862a357850dc28b
BLAKE2b-256 9fc2f6af6945e9fdba85dfc2d929a5614dba8e10c08aa292ba9b40cfc094ddab

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page