Skip to content

@kotakanbe kotakanbe released this Apr 8, 2019 · 51 commits to master since this release

New Features

WordPress Vulnerability Scan (core, plugin, theme)

For non-commercial use, you can use this WordPress integration for free.
But for commercial use, You have to send a E-Mail to the WPVulnDB team.
For Details, see the NOTE:

If you are under any doubt if your software is classed as non-commercial and/or would like to inquire about commercial usage of our databases get in touch.

First, you need to register a user and get the API token from your profile page on wpvulndb.com.
And then, check whether the wp command is insatalled on the scan target server.
A sample configuration is below.

  • config.toml
  [servers.kusanagi]
    user = "root"
    host = "10.10.10.10"
    port = "22"

  [servers.kusanagi.wordpress]
    cmdPath = "/usr/local/bin/wp"
    osUser = "wordpress"
    docRoot = "/home/kusanagi/wp/DocumentRoot/"
    wpVulnDBToken = "xxxxTokenxxxx"
    ignoreInactive = false
  • cmdPath: A path of wp-cli on the WordPress server
  • osUser: A OS user of wp-cli on the WordPress server
  • docRoot: A path of document root on the WordPress server
  • wpVulnDBToken: A token of WPVULNDB API
  • ignoreInactive: Ignore plugins or themes which are inactive state

Scan

To scan WordPress, execute as below.

$ vuls scan kusanagi

Vuls collects WordPrss Core version, plugins and themes via wp-cli.

Reporting

$ vuls report

Vuls detects vulnerabilities via accessing WPVulnDB.com via HTTP.

  • Slack

  • TUI

  • Full-Text

Changelog

6a1fc4f Merge branch 'master' of https://github.com/future-architect/vuls
9008d0d Add news to readme
583f457 fix goreleaser.yml
e5716d5 Add news to readme
7192ae1 Bump up version
99c65ef feat(scan): WordPress Vulnerability Scan (core, plugin, theme) (#769)
91df593 Editorial fixes (#798)
07aeaeb update go-exploitdb (#797)
cfeecda update pkgs (#796)
564dfa8 update cve dictionary (#795)
75dd6f2 Specify VOLUME using json syntax (#791)
e26fd0b fix(report): Critical Bug Fix for CPE based scanning #793 (#794)
d630680 feat(slack): enable -format-one-line-text with -to-slack (#792)
1723c3f fix(report): cpe match bug: go-cve-dictionary#120 (#790)
53dd903 fix(scan): parse error on SUSE #515 (#786)
5c6e06b Handle no-auth SMTP Servers and one liner email fix (#772)
cf6fb0c models: fix no-op append calls (#785)
e0e71b2 add scanner info in -to-saas (#783)
53f4a29 change implemention of integration (#780)

Assets 4
You can’t perform that action at this time.