Skip to content

Magento

Getting Magento Version

# Magento has 2 mains branches, Magento 1 and Magento 2

# On Magento 2, you can add /magento_version
targetsite.com/magento_version

# On magento 1, you have another login interface at /dowloader
# Versions can be displayed in the footer
https://www.example.com/downloader/
https://www.example.com/magento/downloader/

# You can find the version by comparing hash file signatures 
# between several versions and the running one.
# That's what magescan does.
https://github.com/steverobbins/magento-version-identification-php

Magescan

# Online scanner
# Usefull and complete, but online
https://magescan.com/

# Magescan is a complete scanner for Magento applications.
# The idea behind this is to evaluate the quality and security of 
# a Magento site you don't have access to.

https://github.com/steverobbins/magescan

# Scan techniques : 
# - all : full scan
# - catalog : get catalog information
# - modules : get installed modules (plugins)
# - patch : get patch informations
# - server : get server technology
# - sitemap : get sitemap
# - unreachable : check unreachable paths
# - version : get magento version
magescan.phar scan:<technique> store.example.com

# If set, SSL certificates won't be validated
magescan.phar scan:<technique> store.example.com --insecure
magescan.phar scan:<technique> store.example.com -k

# Lists all modules searched for, not just those found
magescan.phar scan:<technique> store.example.com --show-modules