A program that checks WordPress vulnerabilities using the Wordfence API.
File                 Last commit                                           Date
.gitignore           added a container wrapper around wordpress vuln db    2022-02-22 19:11:31 -06:00
check_wp_vuln.sh     added a container wrapper around wordpress vuln db    2022-02-22 19:11:31 -06:00
docker-compose.yml   added a container wrapper around wordpress vuln db    2022-02-22 19:11:31 -06:00
Dockerfile           added a container wrapper around wordpress vuln db    2022-02-22 19:11:31 -06:00
README.md            update README to show usage/help                      2022-02-24 01:06:59 -06:00

docker_wordpress_scanner

This is a shell script that queries the WPScan vulnerability database and lets you look up vulnerable themes, plugins, and WordPress versions.

Pre-requisites:

Sign up for an account with a free API key at https://wpscan.com/. They give you 25 API calls per day. If you need more API calls, you can upgrade your account plan. See their pricing page for more info.

Usage:

Create a .env file with the following environment variable:

WPSCANDB_API_TOKEN=

This token is used for WPScan DB API calls. To use the container:

# BUILD IT
docker build -t wp_checker .

# HELP / USAGE

docker run --env-file .env wp_checker --help
Usage: check_wp_vuln.sh <options> <plugin/theme/wpversion>
options:
 --help                 display this help page
 --plugin               query api for a specific plugin
 --theme                query api for specific theme
 --all                  retrieve all vulnerabilities in a specific wp version number

# PLUGIN
docker run --env-file .env wp_checker --plugin jetpack

# THEME
docker run --env-file .env wp_checker --theme zerif-lite

# VERSION - Example checks version 4.9.4
docker run --env-file .env wp_checker --all 494
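
Auditing a whole site costs one API call per plugin or theme, and the free plan allows 25 per day. The following added example (not part of this repository) is a dry-run planner that deduplicates and validates a slug list, caps it at the daily budget, and prints the `docker run` commands shown in this README. The accepted slug alphabet, the `akismet` sample slug, and the dot-stripping rule for versions other than 4.9.4 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the repository: dry-run planner for wp_checker.
LC_ALL=C; export LC_ALL   # byte-wise ranges and a stable sort order
DAILY_BUDGET=25           # free-tier API calls per day, per the README

# normalize_version 4.9.4 -> 494, the form the README passes to --all.
# Assumption: stripping the dots is the rule for other versions too.
normalize_version() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;      # digits and dots only
    esac
    printf '%s\n' "$1" | tr -d '.'
}

# valid_slug: assumed slug alphabet (lowercase, digits, '-', '_').
# A leading '-' is refused so a slug can never be parsed as an option.
valid_slug() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# plan_queries KIND [BUDGET]: read slugs on stdin, print one docker command
# per unique valid slug, and stop emitting once BUDGET calls are planned.
plan_queries() {
    kind=$1
    budget=${2:-$DAILY_BUDGET}
    case "$kind" in
        plugin|theme) ;;
        *) echo "kind must be plugin or theme" >&2; return 2 ;;
    esac
    count=0
    sort -u | while IFS= read -r slug; do
        [ -n "$slug" ] || continue
        if ! valid_slug "$slug"; then
            echo "skip (invalid slug): $slug" >&2; continue
        fi
        if [ "$count" -ge "$budget" ]; then
            echo "skip (over budget): $slug" >&2; continue
        fi
        count=$((count + 1))
        echo "docker run --env-file .env wp_checker --$kind $slug"
    done
}

# Constructed sample list; the commands are printed, not executed.
printf 'jetpack\nakismet\njetpack\n--help\n' | plan_queries plugin 2
```

Review the printed plan, then pipe it to `sh` to run the queries; skipped slugs are reported on stderr.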