added a container wrapper around wordpress vuln db

2022-02-22 19:11:31 -06:00 · 2022-02-22 19:11:31 -06:00 · a9f745a577
commit a9f745a577
parent e291547a38
5 changed files with 97 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.env
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+FROM python:latest
+COPY ./check_wp_vuln.sh /
+
+RUN chmod +x /check_wp_vuln.sh
+ENTRYPOINT ["/check_wp_vuln.sh"]
--- a/README.md
+++ b/README.md
@ -1,3 +1,22 @@
 # docker_wordpress_scanner

-This is a docker-compose ecosystem that will install a specific target wordpress version in a webserver and then run wpscan against and output the vulnerabilities. It is meant to be used as a quick way to scan a target wordpress version from its base
+This is a docker-compose ecosystem that will install a specific target wordpress version in a webserver and then run wpscan against and output the vulnerabilities. It is meant to be used as a quick way to scan a target wordpress version from its base
+
+### Usage:
+Create a .env file with the following envar
+```
+WPSCANDB_API_TOKEN=
+```
+
+this token is used for wpscan db api calls. To use the container:
+
+```
+# PLUGIN
+docker run --env-file .env wp_checker --plugin jetpack
+
+# THEME
+docker run --env-file .env wp_checker --theme zerif-lite
+
+# VERSION - Example checks version 4.9.4
+docker run --env-file .env wp_checker --all 494 
+```
--- a/check_wp_vuln.sh
+++ b/check_wp_vuln.sh
@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+# query wpvuln db for vulnerabilities
+
+function plugin {
+
+	curl -H "Authorization: Token token=$WPSCANDB_API_TOKEN" https://wpscan.com/api/v3/plugins/$1 2> /dev/null | \
+python -m json.tool 
+
+	}
+
+function theme {
+
+	curl -H "Authorization: Token token=$WPSCANDB_API_TOKEN" https://wpscan.com/api/v3/themes/$1 2> /dev/null | \
+python -m json.tool 
+
+	}
+
+function all {
+	curl -H "Authorization: Token token=$WPSCANDB_API_TOKEN" https://wpscan.com/api/v3/wordpresses/$1 2> /dev/null | \
+python -m json.tool
+
+	}
+
+function usage {
+
+echo "Usage: $(basename $0) <options> <plugin/theme/wpversion>"
+echo "options:"
+echo " --help			display this help page"
+echo " --plugin		query api for a specific plugin"
+echo " --theme 		query api for specific theme"
+echo " --all			retrieve all vulnerabilities in a specific wp version number"
+
+}
+
+
+if [ -z $1 ]; then
+  usage
+  exit
+elif [ $# -gt 2 ]; then
+  echo "too many arguments"
+  echo " "
+  usage
+  exit
+fi
+
+case "$1" in
+  '--help')
+    usage
+    ;;
+
+  '--plugin')
+    plugin $2
+    ;;
+
+  '--theme')
+    theme $2
+    ;;
+
+  '--all')
+    all $2
+    ;;
+esac
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,9 @@
+version: "3.7"
+
+services:
+    docker_wordpress_scanner:
+          build: .
+          entrypoint: bash -c
+          tty: true
+          env_file:
+            - .env