def __init__(self, conf):
    """Run scan-and-notify rounds forever, pausing ``daemon_loop_sleep`` between them.

    Args:
        conf: Configuration mapping. ``conf['daemon_loop_sleep']`` is read each
            round and must expose ``total_seconds()`` (presumably a timedelta).

    Never returns on its own: the loop has no exit condition, so the process
    ends only through an exception raised by a scan round or an external signal.
    """
    log.info("Daemon mode selected, looping for ever...")
    # A single watcher lives for the whole loop so whatever it holds in memory
    # (the original note says "keep data in memory") carries over between rounds.
    watcher = WPWatcher(conf)
    while True:
        watcher.run_scans_and_notify()
        pause = conf['daemon_loop_sleep']
        log.info("Daemon sleeping %s and scanning again..." % (pause,))
        time.sleep(pause.total_seconds())
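def __init__(self):
    """Command-line entry point: parse arguments, serve the print-and-exit
    options, then run one scan round or loop as a daemon.

    Every branch terminates the process with ``sys.exit``: 0 after printing the
    template config, the version or the saved-reports summary; otherwise the
    exit code returned by ``WPWatcher.run_scans_and_notify``. The daemon branch
    loops until the process is killed.
    """
    import sys  # local import: sys.exit() rather than the site-module-only exit()

    args = self.parse_args()
    init_log(args.verbose, args.quiet)

    # --template-conf: print the template and stop.
    if args.template_conf:
        print(WPWatcherConfig.TEMPLATE_FILE)
        sys.exit(0)

    log.info(
        "WPWatcher - Automating WPscan to scan and report vulnerable Wordpress sites"
    )

    # --version: print and stop.
    if args.version:
        log.info("Version:\t\t%s" % VERSION)
        log.info("Authors:\t\t%s" % AUTHORS)
        sys.exit(0)

    # Reports dump: identity checks instead of ==/!= so only the exact
    # sentinel values match. None means "locate the default reports file";
    # False presumably marks the option as absent (parser not visible here).
    if args.wprs is not False:
        if args.wprs is None:
            f = WPWatcher(WPWatcherConfig().build_config()[0]).find_wp_reports_file()
        else:
            f = args.wprs
        log.info("Reports: %s" % (f))
        with open(f) as r:
            results = json.load(r)
        print(results_summary(results))
        sys.exit(0)

    configuration = self.build_config_cli(args)
    wpwatcher = WPWatcher(configuration)

    if wpwatcher.conf['daemon']:
        log.info("Daemon mode selected, looping for ever...")
        results = None  # carried across rounds so the report database stays in memory
        while True:
            exit_code, results = wpwatcher.run_scans_and_notify()
            timesleep = wpwatcher.conf['daemon_loop_sleep']
            log.info("Daemon sleeping %s and scanning again..." % timesleep)
            time.sleep(timesleep.total_seconds())
            # Rebuild the watcher from a freshly read config each round, but
            # hand it the previous round's reports.
            wpwatcher = WPWatcher(self.build_config_cli(args))
            wpwatcher.wp_reports = results
    else:
        exit_code, results = wpwatcher.run_scans_and_notify()
        sys.exit(exit_code)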
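def __init__(self):
    """Main program entrypoint.

    Parses the command line, initialises logging and dispatches on the
    options: ``template_conf``, ``verion`` and ``wprs`` are called for their
    respective flags (presumably they exit the process themselves, since
    control would otherwise fall through); then the config is built and
    either ``WPWatcherDaemon`` is started or a single scan round runs and
    its exit code terminates the process via ``sys.exit``.
    """
    import sys  # local import: sys.exit() rather than the site-module-only exit()

    args = self.parse_args()
    init_log(args.verbose, args.quiet)

    # --template-conf: print the template and exit.
    if args.template_conf:
        self.template_conf()

    log.info(
        "WPWatcher - Automating WPscan to scan and report vulnerable Wordpress sites"
    )

    # --version: print and exit (method name kept as it is defined in the class).
    if args.version:
        self.verion()

    # Reports dump: identity check so only the exact False sentinel is skipped;
    # None (flag without a path) is passed through to the helper.
    if args.wprs is not False:
        self.wprs(args.wprs, args.daemon)

    configuration = self.build_config_cli(args)

    if configuration['daemon']:
        # Loops until the process is stopped.
        WPWatcherDaemon(configuration)
    else:
        wpwatcher = WPWatcher(configuration)
        exit_code, _ = wpwatcher.run_scans_and_notify()
        sys.exit(exit_code)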
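def __init__(self):
    """Main program entrypoint.

    Parses the command line, initialises logging and dispatches on the
    options in order: template config, version, reports dump (``wprs``),
    cli-formatted report lookup (``show``), syslog test, then either the
    daemon loop or a single scan round whose exit code terminates the
    process via ``sys.exit``. The helper methods for the print-style
    options presumably exit the process themselves, since control would
    otherwise fall through to the scan.
    """
    import sys  # local import: sys.exit() rather than the site-module-only exit()

    args = self.parse_args()
    init_log(args.verbose, args.quiet)

    # --template-conf: print the template and exit.
    if args.template_conf:
        self.template_conf()

    log.info(
        "WPWatcher - Automating WPscan to scan and report vulnerable Wordpress sites"
    )

    # --version: print and exit (method name kept as it is defined in the class).
    if args.version:
        self.verion()

    # Reports dump: identity check so only the exact False sentinel is skipped;
    # None (flag without a path) is passed through to the helper.
    if args.wprs is not False:
        self.wprs(filepath=args.wprs, daemon=args.daemon)

    configuration = self.build_config_cli(args)

    # --show URLPART: dump a cli-formatted report from the configured reports file.
    if args.show:
        self.show(
            urlpart=args.show,
            filepath=configuration["wp_reports"],
            daemon=args.daemon,
        )

    if args.syslog_test:
        self.syslog_test(configuration)

    if configuration["daemon"]:
        # Loops until the process is stopped.
        WPWatcherDaemon(configuration)
    else:
        wpwatcher = WPWatcher(configuration)
        exit_code, _ = wpwatcher.run_scans_and_notify()
        sys.exit(exit_code)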
def test_config(self):
    """Run one scan-and-notify round from an inline INI config and expect exit code 0.

    The site list comes from ``self.get_sites()`` and is spliced into the
    config as JSON; reports go to ./test.json.
    """
    sites_json = json.dumps(self.get_sites())
    config_text = """
[wpwatcher]
wpscan_args=[ "--format", "cli", "--no-banner", "--random-user-agent", "--disable-tls-checks" ]
wp_sites=%s
send_email_report=Yes
send_infos=Yes
send_errors=Yes
send_warnings=No
attach_wpscan_output=Yes
resend_emails_after=5d
wp_reports=./test.json
follow_redirect=Yes
""" % (sites_json)
    parsed_conf = WPWatcherConfig(string=config_text).build_config()[0]
    watcher = WPWatcher(parsed_conf)
    exit_code, _results = watcher.run_scans_and_notify()
    self.assertEqual(0, exit_code)
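def test_scan_radom_sites(self):
    """Scan HOW_MANY randomly picked sites from a downloaded site list under
    three configs (cli output; json output with error mails; json output with
    fail_fast), delivering report mails to a local SMTP debugging server.

    Network-dependent: fetches the list from ``SOURCE`` on first use and scans
    third-party hosts. Only the first run's result shape is asserted.
    """
    # This test might be illegal in your country
    # Get list of Wordpress sites if not already downloaded.
    # NOTE(review): fixed path in the world-writable temp dir — another local
    # user could pre-create or symlink it; a per-user tempfile would be safer.
    # Kept as-is so the cached download keeps working.
    filename = '/tmp/wp_sites'
    if not os.path.isfile(filename):
        myfile = requests.get(SOURCE, timeout=60)
        # Without this an error page would be cached as the site list.
        myfile.raise_for_status()
        with open(filename, 'wb') as out:
            out.write(myfile.content)

    list_lines = 50000  # how many lines of the downloaded list are sampled from

    def sampled_sites_json():
        """JSON list of {'url': ...} for HOW_MANY random lines of the site list."""
        # linecache lines are 1-based; line 0 always returns '' (an empty url).
        idxs = random.sample(range(1, list_lines + 1), HOW_MANY)
        urls = [linecache.getline(filename, i) for i in idxs]
        return json.dumps([{'url': s.strip()} for s in urls])

    # NOTE(review): the "[email protected]" line in each config below looks like
    # an extraction artifact of a "<key>=<address>" sender line; restore the
    # real key before running, or configparser will read it as a section.
    CONFIG1 = """
[wpwatcher]
wp_sites=%s
smtp_server=localhost:1025
[email protected]
email_to=["*****@*****.**"]
wpscan_args=["--rua", "--stealthy", "--format", "cli", "--no-banner", "--disable-tls-checks"]
false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
send_email_report=Yes
log_file=./TEST-wpwatcher.log.conf
wp_reports=./TEST-wp_reports.json.conf
asynch_workers=10
follow_redirect=Yes
wpscan_output_folder=./TEST-wpscan-results/
send_infos=Yes
""" % sampled_sites_json()

    CONFIG2 = """
[wpwatcher]
wp_sites=%s
smtp_server=localhost:1025
[email protected]
email_to=["*****@*****.**"]
wpscan_args=["--rua", "--stealthy", "--format", "json", "--no-banner", "--disable-tls-checks"]
false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
send_email_report=Yes
log_file=./TEST-wpwatcher.log.conf
wp_reports=./TEST-wp_reports.json.conf
asynch_workers=10
follow_redirect=Yes
wpscan_output_folder=./TEST-wpscan-results/
attach_wpscan_output=Yes
send_infos=Yes
send_errors=Yes
email_errors_to=["admins@domain"]
# prescan_without_api_token=Yes
""" % sampled_sites_json()

    CONFIG3 = """
[wpwatcher]
wp_sites=%s
smtp_server=localhost:1025
[email protected]
email_to=["*****@*****.**"]
wpscan_args=["--rua", "--stealthy", "--format", "json", "--no-banner", "--disable-tls-checks"]
false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
send_email_report=Yes
log_file=./TEST-wpwatcher.log.conf
wp_reports=./TEST-wp_reports.json.conf
asynch_workers=10
follow_redirect=Yes
wpscan_output_folder=./TEST-wpscan-results/
attach_wpscan_output=Yes
send_warnings=No
send_errors=Yes
fail_fast=Yes
""" % sampled_sites_json()

    # Local SMTP debugging server so report mails never leave this machine.
    smtpd.DebuggingServer(('localhost', 1025), None)
    executor = concurrent.futures.ThreadPoolExecutor(1)
    executor.submit(asyncore.loop)
    results = []
    try:
        for cfg in (CONFIG1, CONFIG2, CONFIG3):
            watcher = WPWatcher(WPWatcherConfig(string=cfg).build_config()[0])
            results.append(watcher.run_scans_and_notify())
    finally:
        # Close the mail server even if a scan raises, so the port is released.
        asyncore.close_all()
        executor.shutdown(wait=False)

    self.assertEqual(type(results[0]), tuple, "run_scans_and_notify returned an invalied result")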