 def __init__(self, conf):
     """Run scan passes forever, pausing ``conf['daemon_loop_sleep']`` between them.

     Args:
         conf: configuration mapping handed to ``WPWatcher``; the only key read
             here is ``daemon_loop_sleep`` (an object exposing ``total_seconds()``).

     This never returns: the loop below has no exit condition.
     """
     log.info("Daemon mode selected, looping for ever...")
     # One WPWatcher instance is reused across passes so whatever it keeps in
     # memory carries over from one scan to the next.
     watcher = WPWatcher(conf)
     while True:
         watcher.run_scans_and_notify()
         pause = conf['daemon_loop_sleep']
         log.info("Daemon sleeping %s and scanning again..." % pause)
         time.sleep(pause.total_seconds())
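    def __init__(self):
        """Main program entrypoint: parse CLI arguments and dispatch.

        Side effects: configures logging; may print the config template, the
        version, or a reports summary and then terminate the process through
        ``exit()``. In daemon mode this never returns.
        """
        args = self.parse_args()
        init_log(args.verbose, args.quiet)

        # --template-conf: print the template and exit
        if args.template_conf:
            print(WPWatcherConfig.TEMPLATE_FILE)
            exit(0)

        log.info(
            "WPWatcher -  Automating WPscan to scan and report vulnerable Wordpress sites"
        )

        # --version: print and exit
        if args.version:
            log.info("Version:\t\t%s" % VERSION)
            log.info("Authors:\t\t%s" % AUTHORS)
            exit(0)

        # --wprs [FILE]: dump a summary of the reports file and exit.
        # Presumably argparse leaves `wprs` at False when the flag is absent and
        # at None when it is given without a path -- verify in parse_args.
        if args.wprs is not False:
            if args.wprs is None:
                # No path given: locate the reports file from the default config.
                f = WPWatcher(WPWatcherConfig().build_config()[0]).find_wp_reports_file()
            else:
                f = args.wprs
            log.info("Reports: %s" % (f))
            # Reports are JSON; read them as UTF-8 rather than the locale encoding.
            with open(f, encoding="utf-8") as r:
                results = json.load(r)
            print(results_summary(results))
            exit(0)

        # Runtime configuration: config file(s) merged with CLI overrides
        configuration = self.build_config_cli(args)
        wpwatcher = WPWatcher(configuration)

        if wpwatcher.conf['daemon']:
            log.info("Daemon mode selected, looping for ever...")
            results = None  # scan database kept in memory across iterations
            while True:
                _, results = wpwatcher.run_scans_and_notify()
                timesleep = wpwatcher.conf['daemon_loop_sleep']
                log.info("Daemon sleeping %s and scanning again..." % timesleep)
                time.sleep(timesleep.total_seconds())
                # Rebuild the configuration each pass so edits are picked up,
                # then hand the in-memory reports to the fresh instance.
                wpwatcher = WPWatcher(self.build_config_cli(args))
                wpwatcher.wp_reports = results
        else:
            # Single pass: exit with the code the scan run reports
            exit_code, _ = wpwatcher.run_scans_and_notify()
            exit(exit_code)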
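    def __init__(self):
        """Main program entrypoint: parse CLI arguments and dispatch.

        Depending on the flags this prints the config template, the version, or
        a reports dump (each delegated to a helper on this class); otherwise it
        either starts the daemon loop or performs one scan pass and exits with
        that pass's code.
        """
        args = self.parse_args()
        init_log(args.verbose, args.quiet)

        # --template-conf: print the template and exit (done by the helper)
        if args.template_conf:
            self.template_conf()

        log.info(
            "WPWatcher -  Automating WPscan to scan and report vulnerable Wordpress sites"
        )

        # --version: print and exit (done by the helper)
        if args.version:
            # NOTE(review): 'verion' is the name as called here; confirm the
            # method is really spelled that way on the class.
            self.verion()

        # --wprs [FILE]: dump reports and exit. Presumably argparse leaves the
        # attribute at False when the flag is absent -- verify in parse_args.
        if args.wprs is not False:
            self.wprs(args.wprs, args.daemon)

        # Runtime configuration: config file(s) merged with CLI overrides
        configuration = self.build_config_cli(args)

        if configuration['daemon']:
            # Daemon loop; presumably never returns
            WPWatcherDaemon(configuration)
        else:
            # Single pass: exit with the code the scan run reports
            wpwatcher = WPWatcher(configuration)
            exit_code, _ = wpwatcher.run_scans_and_notify()
            exit(exit_code)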
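    def __init__(self):
        """Main program entrypoint: parse CLI arguments and dispatch.

        Flag handlers (template, version, reports dump, show, syslog test) are
        delegated to methods on this class. Otherwise either the daemon loop
        is started or one scan pass runs and the process exits with its code.
        """
        args = self.parse_args()
        init_log(args.verbose, args.quiet)

        # --template-conf: print the template and exit (done by the helper)
        if args.template_conf:
            self.template_conf()

        log.info(
            "WPWatcher -  Automating WPscan to scan and report vulnerable Wordpress sites"
        )

        if args.version:
            # Print and exit. NOTE(review): 'verion' is the name as called
            # here; confirm the method spelling on the class.
            self.verion()

        # --wprs [FILE]: dump the reports database and exit. Presumably argparse
        # leaves the attribute at False when the flag is absent -- verify.
        if args.wprs is not False:
            self.wprs(filepath=args.wprs, daemon=args.daemon)

        # Runtime configuration: config file(s) merged with CLI overrides
        configuration = self.build_config_cli(args)

        if args.show:
            # Dump a CLI-formatted report from the reports database
            self.show(
                urlpart=args.show,
                filepath=configuration["wp_reports"],
                daemon=args.daemon,
            )

        if args.syslog_test:
            self.syslog_test(configuration)

        if configuration["daemon"]:
            # Daemon loop; presumably never returns
            WPWatcherDaemon(configuration)
        else:
            # Single pass: exit with the code the scan run reports
            wpwatcher = WPWatcher(configuration)
            exit_code, _ = wpwatcher.run_scans_and_notify()
            exit(exit_code)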
    def test_config(self):
        """Build a WPWatcher from an inline config string and run one scan pass.

        The config disables TLS checks in wpscan (test-only setting) and
        writes reports to ./test.json. Only the exit code is asserted.
        """
        sites_json = json.dumps(self.get_sites())
        raw_config = """
[wpwatcher]
wpscan_args=[   "--format", "cli",
                "--no-banner",
                "--random-user-agent", 
                "--disable-tls-checks" ]
wp_sites=%s
send_email_report=Yes
send_infos=Yes
send_errors=Yes
send_warnings=No
attach_wpscan_output=Yes
resend_emails_after=5d
wp_reports=./test.json
follow_redirect=Yes
""" % (sites_json)
        built = WPWatcherConfig(string=raw_config).build_config()
        watcher = WPWatcher(built[0])
        exit_code, _ = watcher.run_scans_and_notify()
        self.assertEqual(0, exit_code)
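    def test_scan_radom_sites(self):
        """Scan randomly sampled sites from a downloaded list with three configs.

        Side effects: downloads the site list to a fixed path on first use,
        starts a local SMTP debugging server on port 1025, writes TEST-* files
        into the working directory and runs wpscan (with TLS checks disabled)
        against third-party hosts.
        """
        # This test might be illegal in your country

        # Get list of Wordpress sites if not already downloaded.
        # NOTE(review): the path is fixed and world-shared; whatever already
        # sits there is used as the site list without further validation.
        filename='/tmp/wp_sites'
        if not os.path.isfile(filename):
            # timeout keeps a stalled download from hanging the whole run
            myfile = requests.get(SOURCE, timeout=60)
            myfile.raise_for_status()
            with open(filename, 'wb') as fh:
                fh.write(myfile.content)

        def pick_sites():
            """Sample HOW_MANY distinct lines of the list as wp_sites JSON."""
            # Select X from the first 50 000 lines; getline is 1-based, so
            # line 0 (which always yields '') is excluded from the population.
            idxs = random.sample(range(1, 50001), HOW_MANY)
            urls = [linecache.getline(filename, i) for i in idxs]
            return json.dumps([{'url': s.strip()} for s in urls])

        # Prepare scan config (cli output)
        CONFIG1="""
[wpwatcher]
wp_sites=%s
smtp_server=localhost:1025
[email protected]
email_to=["*****@*****.**"]
wpscan_args=["--rua", "--stealthy", "--format", "cli", "--no-banner", "--disable-tls-checks"]
false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
send_email_report=Yes
log_file=./TEST-wpwatcher.log.conf
wp_reports=./TEST-wp_reports.json.conf
asynch_workers=10
follow_redirect=Yes
wpscan_output_folder=./TEST-wpscan-results/
send_infos=Yes
"""%pick_sites()

        # Prepare scan config (json output, errors mailed separately)
        CONFIG2="""
[wpwatcher]
wp_sites=%s
smtp_server=localhost:1025
[email protected]
email_to=["*****@*****.**"]
wpscan_args=["--rua", "--stealthy", "--format", "json", "--no-banner", "--disable-tls-checks"]
false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
send_email_report=Yes
log_file=./TEST-wpwatcher.log.conf
wp_reports=./TEST-wp_reports.json.conf
asynch_workers=10
follow_redirect=Yes
wpscan_output_folder=./TEST-wpscan-results/
attach_wpscan_output=Yes
send_infos=Yes
send_errors=Yes
email_errors_to=["admins@domain"]
# prescan_without_api_token=Yes
"""%pick_sites()

        # Prepare scan config (json output, fail fast)
        CONFIG3="""
[wpwatcher]
wp_sites=%s
smtp_server=localhost:1025
[email protected]
email_to=["*****@*****.**"]
wpscan_args=["--rua", "--stealthy", "--format", "json", "--no-banner", "--disable-tls-checks"]
false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
send_email_report=Yes
log_file=./TEST-wpwatcher.log.conf
wp_reports=./TEST-wp_reports.json.conf
asynch_workers=10
follow_redirect=Yes
wpscan_output_folder=./TEST-wpscan-results/
attach_wpscan_output=Yes
send_warnings=No
send_errors=Yes
fail_fast=Yes
"""%pick_sites()

        # Launch SMTP debug server on a background thread.
        # NOTE(review): smtpd/asyncore were dropped from the stdlib in 3.12;
        # this test needs an older interpreter or a compatible shim.
        smtpd.DebuggingServer(('localhost',1025), None )
        executor = concurrent.futures.ThreadPoolExecutor(1)
        executor.submit(asyncore.loop)

        results = []
        try:
            for raw in (CONFIG1, CONFIG2, CONFIG3):
                watcher = WPWatcher(WPWatcherConfig(string=raw).build_config()[0])
                results.append(watcher.run_scans_and_notify())
        finally:
            # Close the mail server even if a scan raised, so the asyncore
            # loop can end; do not block on the thread (its select may still
            # be waiting out its timeout).
            asyncore.close_all()
            executor.shutdown(wait=False)

        for res in results:
            self.assertEqual(type(res), tuple, "run_scans_and_notify returned an invalied result")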