# docker_wordpress_scanner

This is a shell script that calls out to the WPScan vulnerability database and lets you query for vulnerable themes, plugins, and WordPress versions.

### Pre-requisites:

Sign up for an account with a free API key at https://wpscan.com/. They give you 25 API calls per day. If you need more API calls, you can upgrade your account plan. See their pricing page for more info.

### Usage:

Create a `.env` file with the following environment variable:

```
WPSCANDB_API_TOKEN=
```

This token is used for WPScan DB API calls. To use the container:

```
# BUILD IT
docker build -t wp_checker .

# HELP / USAGE
docker run --env-file .env wp_checker --help
Usage: check_wp_vuln.sh <options> <plugin/theme/wpversion>
options:
  --help     display this help page
  --plugin   query api for a specific plugin
  --theme    query api for specific theme
  --all      retrieve all vulnerabilities in a specific wp version number

# PLUGIN
docker run --env-file .env wp_checker --plugin jetpack

# THEME
docker run --env-file .env wp_checker --theme zerif-lite

# VERSION - Example checks version 4.9.4
docker run --env-file .env wp_checker --all 494
```