WordPress malware scanner with headless and Textual TUI modes
Project description
wp-scanner
By Kim Schulz kim@schulz.dk
wp-scanner is a WordPress malware scanner focused on finding backdoors, crypto miners, suspicious loaders, and obfuscated payloads in WordPress file trees.
Warning
Use this tool carefully. Quarantine/delete actions can change or remove files. Always take a backup before remediation.
Features
- Signature-based malware detection (100+ built-in signatures)
- Heuristic detection for suspicious WordPress patterns
- Optional WordPress core verification to skip unchanged official core files
- Interactive Textual TUI with sortable findings, details modal with source view, filtering, export, and remediation actions
- Headless mode with JSON/HTML report output
- Audit logging for remediation actions
- Restore support from quarantine via audit log
Installation
pip
Install from the current directory:
pip install .
Install with TUI dependencies:
pip install 'wp-scanner[tui]'
For local editable/testing installs from this repository, use:
pip install '.[tui]'
pipx
Install as an isolated CLI app:
pipx install .
Install with TUI dependencies:
pipx install 'wp-scanner[tui]'
For local installs from this repository, use:
pipx install --pip-args='.[tui]' .
If you run without TUI dependencies, the scanner falls back to headless mode automatically.
Quick Start
Run TUI scan:
wp-scanner /path/to/wordpress
Run headless scan:
wp-scanner /path/to/wordpress --no-tui
Common Usage
Headless scan with reports:
wp-scanner /path/to/wordpress --no-tui --report-json ./ --report-html ./
Use custom signatures:
wp-scanner /path/to/wordpress --no-tui --signatures ./custom-signatures.json
Verify against official WordPress core and skip unchanged core files:
wp-scanner /path/to/wordpress --verify-core
Offline core verification (cached core only):
wp-scanner /path/to/wordpress --verify-core --verify-core-offline
Remediation (Headless)
Quarantine infected files:
wp-scanner /path/to/wordpress --no-tui --quarantine --quarantine-dir ./quarantine --yes
Delete infected files:
wp-scanner /path/to/wordpress --no-tui --delete --yes
Restore from quarantine using audit log:
wp-scanner /path/to/wordpress --no-tui --restore --audit-log ./wp-scan-remediation-audit.jsonl --yes
TUI Controls
Main controls:
q: quitp: pause/resume scanr: stop/restart scanj/kor arrows: move selectiondorenter: open details modals: toggle sorte: export findingsspace: select/unselect current findinga: select/unselect all visible findingsx: quarantine selecteddelete: delete selectedu: open restore modal
Notes
- Findings can include false positives. Review critical/high findings first.
- Core verification and remediation audit logging are intended to reduce unnecessary scanning and improve operational safety.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wp_scanner-1.1.0.tar.gz.
File metadata
- Download URL: wp_scanner-1.1.0.tar.gz
- Upload date:
- Size: 39.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
eb6e5229575383e6b77b7b967a4c74e9c629d7ef2c1144a7784df14ea531663c
|
|
| MD5 |
800f8bfeea53251dd6dc3649b79bcb5c
|
|
| BLAKE2b-256 |
cf6623fcb35041e36dc7f830d4b8f4cf359c5849e7ae74bbf3d01f84fcf10cef
|
File details
Details for the file wp_scanner-1.1.0-py3-none-any.whl.
File metadata
- Download URL: wp_scanner-1.1.0-py3-none-any.whl
- Upload date:
- Size: 34.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fbf495487c52af5fa9229a8bf995b645723c14672a69dbd3583e2966494a34ea
|
|
| MD5 |
7aa6d163fb0b7cd371cb4f34ec917a3e
|
|
| BLAKE2b-256 |
6b301c8eba3cf239496223e36616e3de3dfee2a6e6515f9428427e559301d4dc
|