Soooo… I was just updating my sites with new hashes and thought “this would be so much easier if I could just pull them from a neat git repo”.
So that’s what I did: https://github.com/philipjohn/exploit-scanner-hashes
Thanks to the guys who’ve already generated hashes, and especially to @mattyrob for the generator which I’ve also included in the repo.
For those of you who are keen I’ve even mused about improvements: https://github.com/philipjohn/exploit-scanner-hashes/issues
Obviously if you generate the hashes before me (highly likely!) then please do fork & pull to keep the repo up to date.
I’ve just used Git for the first time and sent you hashes for 3.8 😉 I hope I did it right!
@mattyrob Just added you as a collaborator too so you should (I think) be able to push directly in future
Any chance of including the ability to pull the hashes from the git repo right into the plugin? It’s save a couple steps! Or maybe including a handy link in the admin interface to help calcified brains like mine remember where to pull the hashes from?
(Either way, I really appreciate your work on this plugin and the up-keep on the hashes. It’s been a real life-saver for me more than once!)
If you’re using SSH you should be able to do the following;
$ cd wp-content/plugins $ git clone email@example.com:philipjohn/exploit-scanner-hashes.git $ mv exploit-scanner-hashes/* exploit-scanner/
Then, each time a new version is released, this should work;
$ cd wp-content/plugins/exploit-scanner $ git pull origin master
If you’re not using SSH you’ll still need to download locally and then upload the new hashes.
The only other way would probably be to fork the entire plugin, which given it may have been abandoned might not be a bad idea…
@donncha i’m happy to jump in if needed. likely can script something up to create the hashes for the tagged builts.
The hashes for WordPress work great. I’m getting a lot of errors listed on the plugins.
Is there a way to include the plugins in the hash file.
I’ve tried creating a hash file for each plugin and adding it into the wp-content/plugins/exploit-scanner directory.
It didn’t work.
I also tried zipping all plugin folders along with WordPress 3.9 folder into one zip file called latest.zip.
That didn’t work either.
Are there any ideas what I might do to remove the false positives from the scan?
- The topic ‘Git repo for Hashes’ is closed to new replies.