magescan.phar vs magescan.com on patch results

Question

magescan.phar vs magescan.com on patch results

commutecat opened this issue 8 years ago · 1 comments

It seems the built magescan.phar results are not in par with the results return from https://www.magescan.com

hp magescan.phar scan:version http://cheesecloth.ca/
+-----------+------------------+
| Edition   | Community        |
| Version   | 1.7.0.1, 1.7.0.2 |
+-----------+------------------+

php magescan.phar scan:patch http://cheesecloth.ca/
+------------+---------+
| Name       | Status  |
+------------+---------+
| SUPEE-5344 | Unknown |
| SUPEE-5994 | Unknown |
| SUPEE-6285 | Unknown |
| SUPEE-6482 | Unknown |
| SUPEE-6788 | Unknown |
| SUPEE-7405 | Unknown |
| SUPEE-8788 | Unknown |
+------------+---------+

all the patch seems "applied" by https://magescan.com results.
This site contains an suspicious script that post data to "https://jquery-validation.org/js/jquery-2.2.2.min.js", which is offline at the moment.

Contrast to the above.


php magescan.phar scan:version yatooq.com

+-----------+-----------+
| Edition   | Community |
| Version   | 1.9.2.0   |
+-----------+-----------+

php magescan.phar scan:patch  yatooq.com
+------------+---------+
| Name       | Status  |
+------------+---------+
| SUPEE-5344 | Unknown |
| SUPEE-5994 | Unknown |
| SUPEE-6285 | Unknown |
| SUPEE-6482 | Unknown |
| SUPEE-6788 | Unknown |
| SUPEE-7405 | Unknown |
| SUPEE-8788 | Unknown |
+------------+---------+

Again, https://www.magescan.com return know results.

Should I just treat "Unknown" patch status as "bad"?

Answer 1 · 2016-11-10T16:31:59.000Z

The command line version and the .com use different code. Command line is just a mirror for magereport.com, so try scanning your site their and compare results.