Feature Request: machine readable reporting mechanism #198

Closed
sempervictus opened this Issue May 22, 2013 · 22 comments

sempervictus commented May 22, 2013

Wonderful tool guys, very useful to show clients the low-hanging fruit of their developers' labors... :)

Are there any plans to include output reporting to XML/JSON/SomeFormat?
The data collected could be very useful when imported into SIEMs or Metasploit.

We can already run wpscan through MSF a few ways:
Called from inside framework using PR 1723, the http proxy in 1831, or the good old socks proxy. Primarily these mechanisms increase our reach through L3 forwarding, but can also provide useful data for the pentest through request/response/service/host logging. Although we can now log all of the pages and associated response (and request) headers to the DB, it would be much more useful if we could also import vulnerability and informational data from the scan.

I can take a stab at doing this as a PR, but my schedule won't allow this for a while to come.

Contributor

fgeek commented May 22, 2013

I can help implement this if the functionality is not there already. What SIEM product are you using? If it is open source or there is a good API, I could figure out if there is a way to import scan results automatically.

froschi commented May 27, 2013

I came up with the same requirement only a couple of days ago - have a machine-parsable kind of output, ideally written to a filename I'd provide. JSON would be nice. Alternatively, I would take something like a --quiet switch which omits the banner and the progress bar. In particular, the progress bar. Emails from wpscan output piped into a text file are currently ... well, unreadable ;-)

For me, I do not need something piped into a SIEM directly. Just some structured output which allows for further processing afterwards. I don't have time to provide code, but I could probably come up with a rough and dirty spec for JSON output, if you'd like.

kbron commented Jul 23, 2013

I'm here looking for the same thing - a way to automatically send the output to the Metasploit db, something like db_nmap but db_wpscan

thank you

Contributor

fgeek commented Jul 23, 2013

In my opinion we should make specs of the output reporting (file format, internals) and tools to use that format to cover different use cases (SIEM imports etc.). Users could also make their own tools.

yeukhon commented Jan 3, 2014

This was in progress: #290
But the branch seems to be inactive at the moment. Any of you working on it?

Member

ethicalhack3r commented Oct 5, 2015

This has been implemented in WPScan v3 which is currently closed source while we finish some things off

iam-merlin commented Oct 28, 2015

👍

iam-merlin commented Dec 15, 2015

Do you have a release date for this issue? I'll be glad to move my output parser to something cleaner ^^

markri commented Dec 17, 2015

Also waiting for this. Also mailed ethicalhack3r with some suggestions for output, but never got a reply?

Meanwhile I was really in need of some automatic checking, so I wrote a tiny script which helps me for now. @iam-merlin If you're willing to script all things together this might help you https://gist.github.com/markri/4dbc52e4e9d749875835#file-wpsecurity_filter

As referenced in https://markri.nl/?p=23

iam-merlin commented Dec 17, 2015

@markri thank you for your feedback, big thanks. I just moved a part of my original code to a zf2 module for reference. If you are interested: https://github.com/eoko/wpscan

As you can see, I just ported some of my handlers to zf2 ... to replace them with cleaner code that will come with this issue.

By the way, do you handle wpscan update? I didn't find a --no-interactive flag :/

theabraxas commented Nov 21, 2016

Any further development on this?

markri commented Nov 21, 2016

@theabraxas I just received a ping about this issue. Although I like wpscan for being easy to use, I already moved away from wpscan, because it's a blackbox scanner (which may give false positives, and generates lots of load on the server). Because of this I wrote a whitebox scanner and released it under http://wp-sec.org which has different output options including JSON. Maybe this can be of help?

macbroadcast commented Nov 21, 2016

Hello @markri, nice work, is it possible to check a remote WP site with wp-sec or just local installations? Thanks

Member

FireFart commented Nov 21, 2016

@macbroadcast the tool uses the local only way because that way it can detect all installed plugins. There are also several WordPress plugins available which check your site on a daily basis for new vulns and show a warning in the dashboard if any are found

sempervictus commented Dec 12, 2016

I've addressed this in #1029, at least to the point of exporting everything printed to JSON. Enhancements and comments welcome...

Member

erwanlr commented Feb 3, 2017

Done in v3: https://github.com/wpscanteam/wpscan-v3

-f json
--format json

can be used along with --output/-o file-path

erwanlr closed this Feb 3, 2017

iam-merlin commented Feb 3, 2017

offer a 🍺 to this man!
thx

vikasprogrammer commented Sep 11, 2017

Any updates on this?

Member

FireFart commented Sep 11, 2017

you can use wpscanv3 if you want machine readable output

vikasprogrammer commented Sep 11, 2017

Is it maintained similar to wpscan main repo?

Member

FireFart commented Sep 11, 2017

it uses the same vulnerability data but it's still in beta state

vikasprogrammer commented Sep 11, 2017

Sure, thank you!
