bpmcdevitt/wordpress_vuln_checker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added a container wrapper around wordpress vuln db

Browse source
This commit is contained in:
Brendan McDevitt 2022-02-22 19:11:31 -06:00
parent e291547a38
commit a9f745a577
5 changed files with 97 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
.env

5
Dockerfile Normal file
View file

@ -0,0 +1,5 @@
FROM python:latest
COPY ./check_wp_vuln.sh /
RUN chmod +x /check_wp_vuln.sh
ENTRYPOINT ["/check_wp_vuln.sh"]

21
README.md
View file

@ -1,3 +1,22 @@
# docker_wordpress_scanner # docker_wordpress_scanner
This is a docker-compose ecosystem that will install a specific target wordpress version in a webserver and then run wpscan against and output the vulnerabilities. It is meant to be used as a quick way to scan a target wordpress version from its base This is a docker-compose ecosystem that will install a specific target wordpress version in a webserver and then run wpscan against and output the vulnerabilities. It is meant to be used as a quick way to scan a target wordpress version from its base
### Usage:
Create a .env file with the following envar
```
WPSCANDB_API_TOKEN=
```
this token is used for wpscan db api calls. To use the container:
```
# PLUGIN
docker run --env-file .env wp_checker --plugin jetpack
# THEME
docker run --env-file .env wp_checker --theme zerif-lite
# VERSION - Example checks version 4.9.4
docker run --env-file .env wp_checker --all 494
```

62
check_wp_vuln.sh Executable file
View file

@ -0,0 +1,62 @@
#!/usr/bin/env bash
# query wpvuln db for vulnerabilities
function plugin {
curl -H "Authorization: Token token=$WPSCANDB_API_TOKEN" https://wpscan.com/api/v3/plugins/$1 2> /dev/null | \
python -m json.tool
}
function theme {
curl -H "Authorization: Token token=$WPSCANDB_API_TOKEN" https://wpscan.com/api/v3/themes/$1 2> /dev/null | \
python -m json.tool
}
function all {
curl -H "Authorization: Token token=$WPSCANDB_API_TOKEN" https://wpscan.com/api/v3/wordpresses/$1 2> /dev/null | \
python -m json.tool
}
function usage {
echo "Usage: $(basename $0) <options> <plugin/theme/wpversion>"
echo "options:"
echo " --help display this help page"
echo " --plugin query api for a specific plugin"
echo " --theme query api for specific theme"
echo " --all retrieve all vulnerabilities in a specific wp version number"
}
if [ -z $1 ]; then
usage
exit
elif [ $# -gt 2 ]; then
echo "too many arguments"
echo " "
usage
exit
fi
case "$1" in
'--help')
usage
;;
'--plugin')
plugin $2
;;
'--theme')
theme $2
;;
'--all')
all $2
;;
esac

9
docker-compose.yml Normal file
View file

@ -0,0 +1,9 @@
version: "3.7"
services:
docker_wordpress_scanner:
build: .
entrypoint: bash -c
tty: true
env_file:
- .env