Mageargus Malware Scanner Magento 2 Extension

MageArgus – Magento 2 Security Scanner by W3CTRL

Know exactly how secure your store is. MageArgus runs a deep, white-box security audit from inside your Magento installation — reading the real filesystem, database and configuration — so it catches what an external scanner never can. Every scan produces a clear 0–100 security score, a graded report grouped by category, and copy-paste (or one-click) fixes.

✨ Key Features

• ✅ Security Score (0–100) & Grade (A–F): Every finding is weighted into one shareable score with a clear grade.
• ✅ On-Disk Patch Confirmation: Verifies critical CVEs (SessionReaper, CosmicSting and more) are actually patched on disk — not just guessed from the version string.
• ✅ Version Currency Check: Flags whether your Magento release is up to date, behind, or unsupported.
• ✅ File Malware & Webshell Detection: Signature + heuristic scan of high-risk directories, fake-image polyglots and PHP under pub/media.
• ✅ Database Malware Scan: Detects injected skimmer/Magecart code in CMS blocks, pages and store configuration.
• ✅ Admin Hardening Audit: 2FA, secret-key URLs, custom admin path, CAPTCHA, login lockout, session lifetime, account sharing + rogue-admin & integration-token detection.
• ✅ Exposed Files & Secrets: Finds .git folders, env.php backups, public database dumps and dev tools (phpinfo/adminer) reachable from the web.
• ✅ Permission & Integrity Audit: Checks env.php permissions, world-writable paths, deploy mode and cron health.
• ✅ One-Click Auto-Fix: Safely fixes permissions and hardening settings straight from the dashboard — never touches suspected malware automatically.
• ✅ Security Dashboard & Scan History: Live score, pass/fail summary cards and a full history of every scan (manual, cron or CLI).
• ✅ Detailed Reports + PDF: Grouped, native-admin report with Download PDF and emailed reports.
• ✅ Scheduled Scans: Automated daily / weekly / monthly cron scans with email alerts and a PDF attachment.
• ✅ Email Reports: Full report delivered to your inbox — always, or only when critical findings appear.
• ✅ Command-Line Scanner: bin/magento mageargus:secscan:run with a clean, colourised report for CI/automation.

🚀 Why Choose This Extension?

• Professional development by Magento experts
• White-box depth the free online scanners can’t reach (filesystem + database + config)
• Lightweight by design — locked, time-budgeted scans that won’t overload your server
• PHP 8.4 compatible with modern coding standards
• Multi-store support
• Easy installation via Composer
• Comprehensive documentation
• 6 months priority support
• 12 months free updates

📋 Requirements

Magento 2.4.x | PHP 8.1, 8.2, 8.3, or 8.4 | MySQL 8.0+ or MariaDB 10.4+