Styled output in table, added check for admin and ajax actions

webarx-security · Apr 23, 2019 · d8beb91 · d8beb91
1 parent 431ffea
commit d8beb91
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 2 deletions.
diff --git a/core/modules.py b/core/modules.py
@@ -1,6 +1,6 @@
 import re
 import copy
-
+from core import scanner
 
 class BaseClass(object):
 
@@ -42,7 +42,7 @@ def execute(self, content, file):
         matches = self.run(self, content, file)
         for match in matches:
             if match[0]:
-                print(self.severity + " - " + self.name + " - " + file + ":" + str(self.get_match_line(content, match[0])) + " - " + match[0])
+                scanner.CODE_VULNERABILITIES.append([self.severity, self.name, file + ":" + str(self.get_match_line(content, match[0])), match[0] ])
 
     # Build dynamic regex pattern to locate vulnerabilities in given content
     def build_pattern(self, content, file):

diff --git a/core/passive_check.py b/core/passive_check.py
@@ -0,0 +1,39 @@
+import re
+from terminaltables import AsciiTable, DoubleTable, SingleTable
+from colorama import Fore, Back, Style
+import copy
+
+
+ADMIN_ACTIONS_DATA = [
+    ['Action Name', 'Function', 'File'],
+]
+
+AJAX_HOOKS_DATA = [
+    ['Action Name', 'Function', 'File'],
+]
+
+
+def passive_check(content, path):
+    scope_admin_actions(content, path)
+    scope_ajax_hooks(content, path)
+
+
+def scope_functions(content):
+    pattern = r"function(\s+?)([a-zA-Z_0-9-]+?)(\s?)+\((.+?)\)(\s{0,}\S{0,}){"
+    matches = re.findall(pattern=pattern, string=content)
+    for match in matches:
+        print(match[1])
+
+
+def scope_ajax_hooks(content, file):
+    pattern = r"(add_action(\s{0,}\S{0,})\((\s{0,}\S{0,})(\"|')(wp_ajax_[a-zA-Z0-9_-]+))(?!{)(\"|')(\s{0,}\S{0,}),(.+)(\"|')(\s{0,})([a-zA-Z0-9_-]+)(\s{0,})(\"|')"
+    matches = re.findall(pattern=pattern, string=content)
+    for match in matches:
+        AJAX_HOOKS_DATA.append([match[4], match[10], file])
+
+
+def scope_admin_actions(content, file):
+    pattern = r"(add_action(\s{0,}\S{0,})\((\s{0,}\S{0,})(\"|')(admin_action_[a-zA-Z0-9_-]+))(?!{)(\"|')(\s{0,}\S{0,}),(.+)(\"|')(\s{0,})([a-zA-Z0-9_-]+)(\s{0,})(\"|')"
+    matches = re.findall(pattern=pattern, string=content)
+    for match in matches:
+        ADMIN_ACTIONS_DATA.append([match[4], match[10], file])
diff --git a/core/scanner.py b/core/scanner.py
@@ -1,6 +1,16 @@
 from Modules import *
 import os
+from core import passive_check
+from core.passive_check import passive_check as passive_check_processor
 
+from terminaltables import AsciiTable, DoubleTable, SingleTable
+from colorama import Fore, Back, Style
+import copy
+
+
+CODE_VULNERABILITIES = [
+    ['Severity', 'Vulnerability', 'File', 'Info']
+]
 
 # Main function to handle files processing
 def scan(args):
@@ -17,10 +27,32 @@ def scan(args):
                 print('Checked files: ' + str(count_files), end="\r")
                 check_file(file, r, modules)
 
+    # Print registered admin actions
+    table_instance = SingleTable(passive_check.ADMIN_ACTIONS_DATA, Fore.GREEN + " Admin Actions " + Style.RESET_ALL)
+    table_instance.justify_columns[2] = 'left'
+    print(table_instance.table)
+    print()
+
+    # Print registered ajax hooks
+    table_instance = SingleTable(passive_check.AJAX_HOOKS_DATA, Fore.YELLOW + " Registered Hooks " + Style.RESET_ALL)
+    table_instance.justify_columns[2] = 'left'
+    print(table_instance.table)
+    print()
+
+    # Print vulnerabilities
+    table_instance = SingleTable(CODE_VULNERABILITIES, Fore.YELLOW + " Found Vulnerabilities " + Style.RESET_ALL)
+    table_instance.justify_columns[2] = 'left'
+    print(table_instance.table)
+    print()
 
 def check_file(file,r, modules):
     path = os.path.join(r, file)
     content = read_file(path)
+
+    # Run passive check for user inputs
+    passive_check_processor(content, path)
+
+    # Run source code analysis
     process_file(content, path, modules)
 
 

diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,3 @@
+colorama==0.4.1
+tabulate==0.8.3
+terminaltables==3.1.0
diff --git a/wpbullet.py b/wpbullet.py
@@ -1,5 +1,15 @@
 import argparse
 from core import scanner
+import signal
+import sys
+
+
+def signal_handler(sig, frame):
+    sys.exit(0)
+
+
+# Register signal handler
+signal.signal(signal.SIGINT, signal_handler)
 
 
 def main():