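def _adjust_special_cli_args(conf_args: Dict[str, Any]) -> Dict[str, Any]:
    """
    Adjust special CLI arguments types.

    The dict is modified in place and the same object is returned.

    Arguments:
    - 'conf_args': Configuration dict with CLI parsed values only
    """
    # Sites arrive from the CLI as plain URL strings, while the config format
    # is a list of dicts. Entries that are already dicts are kept untouched so
    # an already-adjusted value is not wrapped a second time.
    if "wp_sites" in conf_args:
        conf_args["wp_sites"] = [
            site if isinstance(site, dict) else {"url": site}
            for site in conf_args["wp_sites"]
        ]

    # Duration options are given as strings on the command line.
    for option in ("resend_emails_after", "daemon_loop_sleep"):
        if option in conf_args:
            conf_args[option] = parse_timedelta(conf_args[option])

    # wpscan_args is one command-line string that has to become a list of
    # separate arguments. Only real strings go through shlex.split(): a list
    # would make it raise, and None makes older Python versions read stdin.
    if "wpscan_args" in conf_args:
        raw_args = conf_args["wpscan_args"]
        if isinstance(raw_args, str):
            conf_args["wpscan_args"] = shlex.split(raw_args)
        elif isinstance(raw_args, (list, tuple)):
            conf_args["wpscan_args"] = list(raw_args)
        # Any other type is left as-is for the caller to reject.

    return conf_args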
def build_config(self):
    """Read every WPWatcher option from the parsed config file(s).

    Returns a tuple (config dict, read files list). The dict carries one
    entry per known option, converted to its runtime type, without the
    'wpwatcher' section level. Default values are applied for options not
    specified in the file(s) or string.

    'smtp_pass' is returned in clear text next to the other options, so the
    dict should not be written to logs or reports as a whole.
    """
    section = "wpwatcher"

    def as_text(option):
        return self.parser.get(section, option)

    def as_delta(option):
        return parse_timedelta(self.parser.get(section, option))

    def as_parser_int(option):
        return self.parser.getint(section, option)

    # (option, reader) pairs, in the order the options appear in the result.
    readers = (
        # Configurable with cli arguments
        ("wp_sites", self.getjson),
        ("send_email_report", self.getbool),
        ("send_errors", self.getbool),
        ("email_to", self.getjson),
        ("send_infos", self.getbool),
        ("quiet", self.getbool),
        ("verbose", self.getbool),
        ("attach_wpscan_output", self.getbool),
        ("fail_fast", self.getbool),
        ("api_limit_wait", self.getbool),
        ("daemon", self.getbool),
        ("daemon_loop_sleep", as_delta),
        ("resend_emails_after", as_delta),
        ("wp_reports", as_text),
        ("asynch_workers", as_parser_int),
        ("log_file", as_text),
        ("follow_redirect", self.getbool),
        ("wpscan_output_folder", as_text),
        ("wpscan_args", self.getjson),
        ("scan_timeout", as_delta),
        ("false_positive_strings", self.getjson),
        # Not configurable with cli arguments
        ("send_warnings", self.getbool),
        ("email_errors_to", self.getjson),
        # presumably the command used to launch WPScan - verify against caller
        ("wpscan_path", as_text),
        ("smtp_server", as_text),
        ("smtp_auth", self.getbool),
        ("smtp_user", as_text),
        # secret: read verbatim from the config file
        ("smtp_pass", as_text),
        ("smtp_ssl", self.getbool),
        ("from_email", as_text),
        ("use_monospace_font", self.getbool),
        ("syslog_server", as_text),
        ("syslog_port", self.getint),
        ("syslog_stream", as_text),
        ("syslog_kwargs", self.getjson),
    )
    config_dict = {option: read(option) for option, read in readers}
    return (config_dict, self.files)
def adjust_special_cli_args(conf_args):
    """Convert CLI-parsed values into the types the configuration uses.

    The dict is updated in place and returned.

    Arguments:
    - 'conf_args': Configuration dict with CLI parsed values only
    """
    # URLs are given as plain strings; the config stores a list of dicts
    if 'wp_sites' in conf_args:
        wrapped_sites = []
        for site in conf_args['wp_sites']:
            wrapped_sites.append({"url": site})
        conf_args['wp_sites'] = wrapped_sites

    # Both duration options are given as strings on the command line
    for duration_key in ('resend_emails_after', 'daemon_loop_sleep'):
        if duration_key in conf_args:
            conf_args[duration_key] = parse_timedelta(conf_args[duration_key])

    # wpscan_args is one command-line string; split it into separate
    # arguments following shell quoting rules
    if 'wpscan_args' in conf_args:
        command_line = conf_args['wpscan_args']
        conf_args['wpscan_args'] = shlex.split(command_line)

    return conf_args
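def build_config_cli(args):
    """Build the WPWatcher configuration from parsed CLI arguments.

    The config file(s) are read first (those named by the 'conf' argument
    when present). Every truthy CLI value whose name is a known config
    option then overrides the value read from the file(s).

    Arguments:
    - 'args': parsed CLI arguments, either a dict or an object exposing its
      values through __dict__ (presumably an argparse Namespace)

    Returns the merged configuration dict.
    """
    # isinstance() instead of an exact type comparison: an instance of a
    # dict subclass also has a __dict__, and vars() on it would silently
    # drop its items.
    if not isinstance(args, dict) and hasattr(args, '__dict__'):
        args = vars(args)

    # Configuration variables
    conf_files = args.get('conf')

    # Init config dict: read config files
    configuration, files = WPWatcherConfig(files=conf_files).build_config()
    if files:
        # Wrapped in a tuple so a tuple of files is not unpacked by '%'.
        log.info("Load config file(s) : %s" % (files,))

    # Keep only args that match config options and are not None or False
    known_options = WPWatcherConfig.DEFAULT_CONFIG.keys()
    conf_args = {
        key: value for key, value in args.items()
        if key in known_options and value
    }

    # Append or init list of urls from file if any
    sites_file = args.get('wp_sites_list')
    if sites_file:
        with open(sites_file, 'r') as urlsfile:
            # strip() also removes the '\r' of CRLF files. Blank lines are
            # skipped so they do not turn into sites with an empty URL.
            # NOTE(review): entries are otherwise taken as-is; no URL
            # validation is visible here - confirm it happens before the
            # value reaches the WPScan command line.
            sites = [line.strip() for line in urlsfile if line.strip()]
        conf_args['wp_sites'] = conf_args.get('wp_sites', []) + sites

    # Adjust special case of urls that are list of dict
    if 'wp_sites' in conf_args:
        conf_args['wp_sites'] = [{"url": site} for site in conf_args['wp_sites']]

    # Adjust special case of duration options given as strings
    for option in ('resend_emails_after', 'daemon_loop_sleep'):
        if option in conf_args:
            conf_args[option] = parse_timedelta(conf_args[option])

    # Adjust special case of wpscan_args: one command-line string split into
    # separate arguments following shell quoting rules
    if 'wpscan_args' in conf_args:
        conf_args['wpscan_args'] = shlex.split(conf_args['wpscan_args'])

    # Overwrite with conf dict built from CLI args
    if conf_args:
        configuration.update(conf_args)
    return configuration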
def build_config(self):
    """Read every WPWatcher option from the parsed config file(s).

    Returns a tuple (config dict, read files list). The dict has no
    'wpwatcher' section level, just the config options converted to their
    runtime types. Any error raised while reading is logged together with
    the file list and then re-raised.

    'smtp_pass' is returned in clear text next to the other options, so the
    dict should not be written to logs or reports as a whole.
    """
    section = 'wpwatcher'
    # One reader per value kind; each takes the option name.
    read_as = {
        'json': lambda option: self.getjson(self.parser, option),
        'bool': lambda option: self.getbool(self.parser, option),
        'int': lambda option: self.parser.getint(section, option),
        'text': lambda option: self.parser.get(section, option),
        'delta': lambda option: parse_timedelta(self.parser.get(section, option)),
    }
    # (option, kind) pairs, in the order the options appear in the result.
    layout = [
        # Configurable with cli arguments
        ('wp_sites', 'json'),
        ('send_email_report', 'bool'),
        ('send_errors', 'bool'),
        ('email_to', 'json'),
        ('send_infos', 'bool'),
        ('quiet', 'bool'),
        ('verbose', 'bool'),
        ('attach_wpscan_output', 'bool'),
        ('fail_fast', 'bool'),
        ('api_limit_wait', 'bool'),
        ('daemon', 'bool'),
        ('daemon_loop_sleep', 'delta'),
        ('resend_emails_after', 'delta'),
        ('wp_reports', 'text'),
        ('asynch_workers', 'int'),
        ('log_file', 'text'),
        ('follow_redirect', 'bool'),
        ('wpscan_output_folder', 'text'),
        ('wpscan_args', 'json'),
        ('prescan_without_api_token', 'bool'),
        ('scan_timeout', 'delta'),
        ('false_positive_strings', 'json'),
        # Not configurable with cli arguments
        ('send_warnings', 'bool'),
        ('email_errors_to', 'json'),
        ('wpscan_path', 'text'),
        ('smtp_server', 'text'),
        ('smtp_auth', 'bool'),
        ('smtp_user', 'text'),
        # secret: read verbatim from the config file
        ('smtp_pass', 'text'),
        ('smtp_ssl', 'bool'),
        ('from_email', 'text'),
    ]
    try:
        config_dict = {}
        for option, kind in layout:
            config_dict[option] = read_as[kind](option)
        return (config_dict, self.files)
    except Exception as err:
        # Log which file(s) failed, then let the caller see the error.
        log.error("Could not read config " + str(self.files) +
                  ". Error: " + str(err))
        raise
""" Wordpress Watcher Automating WPscan to scan and report vulnerable Wordpress sites DISCLAIMER - USE AT YOUR OWN RISK. """ import shlex import subprocess import json import time import threading from datetime import datetime from wpwatcher import log from wpwatcher.utils import safe_log_wpscan_args, parse_timedelta UPDATE_DB_INTERVAL = parse_timedelta("1h") init_lock = threading.Lock() # WPScan helper class ----------- class WPScanWrapper: def __init__(self, wpscan_executable): self.wpscan_executable = shlex.split(wpscan_executable) # List of current WPScan processes self.processes = [] self.init_check_done = False def _lazy_init(self): # Check if WPScan exists try: exit_code, version_info = self._wpscan("--version", "--format",
def build_config(self):
    '''Parse the config file(s) and return the WPWatcher config.

    Returns a tuple (config dict, read files list). The dict contains all
    possible config values, converted to their runtime types and without
    the 'wpwatcher' section level. Default values are applied if an option
    is not specified in the file(s) or string.

    'smtp_pass' is returned in clear text next to the other options, so the
    dict should not be written to logs or reports as a whole.
    '''
    parser = self.parser

    def text(option):
        return parser.get('wpwatcher', option)

    def delta(option):
        return parse_timedelta(parser.get('wpwatcher', option))

    def parser_int(option):
        return parser.getint('wpwatcher', option)

    getjson, getbool, getint = self.getjson, self.getbool, self.getint

    # Reader for each option, listed in the order of the resulting dict.
    plan = [
        # Configurable with cli arguments
        (getjson, 'wp_sites'),
        (getbool, 'send_email_report'),
        (getbool, 'send_errors'),
        (getjson, 'email_to'),
        (getbool, 'send_infos'),
        (getbool, 'quiet'),
        (getbool, 'verbose'),
        (getbool, 'attach_wpscan_output'),
        (getbool, 'fail_fast'),
        (getbool, 'api_limit_wait'),
        (getbool, 'daemon'),
        (delta, 'daemon_loop_sleep'),
        (delta, 'resend_emails_after'),
        (text, 'wp_reports'),
        (parser_int, 'asynch_workers'),
        (text, 'log_file'),
        (getbool, 'follow_redirect'),
        (text, 'wpscan_output_folder'),
        (getjson, 'wpscan_args'),
        (delta, 'scan_timeout'),
        (getjson, 'false_positive_strings'),
        # Not configurable with cli arguments
        (getbool, 'send_warnings'),
        (getjson, 'email_errors_to'),
        (text, 'wpscan_path'),
        (text, 'smtp_server'),
        (getbool, 'smtp_auth'),
        (text, 'smtp_user'),
        # secret: read verbatim from the config file
        (text, 'smtp_pass'),
        (getbool, 'smtp_ssl'),
        (text, 'from_email'),
        (getbool, 'use_monospace_font'),
        (text, 'syslog_server'),
        (getint, 'syslog_port'),
        (text, 'syslog_stream'),
        (getjson, 'syslog_kwargs'),
    ]
    config_dict = {}
    for reader, option in plan:
        config_dict[option] = reader(option)
    return (config_dict, self.files)
""" Wordpress Watcher Automating WPscan to scan and report vulnerable Wordpress sites DISCLAIMER - USE AT YOUR OWN RISK. """ import shlex import subprocess import json import time import threading from datetime import datetime from wpwatcher import log from wpwatcher.utils import safe_log_wpscan_args, parse_timedelta UPDATE_DB_INTERVAL = parse_timedelta('1h') init_lock = threading.Lock() # WPScan helper class ----------- class WPScanWrapper(): def __init__(self, wpscan_executable): self.wpscan_executable = shlex.split(wpscan_executable) # List of current WPScan processes self.processes = [] self.init_check_done = False def _lazy_init(self): # Check if WPScan exists try: exit_code, version_info = self._wpscan("--version", "--format",
def _build_config(parser: configparser.ConfigParser) -> Dict[str, Any]:
    """Return the WPWatcher options read from 'parser' as a flat dict.

    Every option is read from the 'wpwatcher' section and converted to its
    runtime type. The result has no section level, just the option names.

    'smtp_pass' is returned in clear text next to the other options, so the
    dict should not be written to logs or reports as a whole.

    Arguments:
    - 'parser': config parser holding a 'wpwatcher' section
    """

    def _text(source: configparser.ConfigParser, option: str) -> Any:
        return source.get("wpwatcher", option)

    def _delta(source: configparser.ConfigParser, option: str) -> Any:
        return parse_timedelta(source.get("wpwatcher", option))

    # (option, reader) pairs, in the order the options appear in the result.
    readers = (
        # Configurable with cli arguments
        ("wp_sites", Config._getjson),
        ("send_email_report", Config._getbool),
        ("send_errors", Config._getbool),
        ("email_to", Config._getjson),
        ("send_infos", Config._getbool),
        ("quiet", Config._getbool),
        ("verbose", Config._getbool),
        ("attach_wpscan_output", Config._getbool),
        ("fail_fast", Config._getbool),
        ("api_limit_wait", Config._getbool),
        ("daemon", Config._getbool),
        ("daemon_loop_sleep", _delta),
        ("resend_emails_after", _delta),
        ("wp_reports", _text),
        ("asynch_workers", Config._getint),
        ("log_file", _text),
        ("follow_redirect", Config._getbool),
        ("wpscan_output_folder", _text),
        ("wpscan_args", Config._getjson),
        ("scan_timeout", _delta),
        ("false_positive_strings", Config._getjson),
        # Not configurable with cli arguments
        ("send_warnings", Config._getbool),
        ("email_errors_to", Config._getjson),
        ("wpscan_path", _text),
        ("smtp_server", _text),
        ("smtp_auth", Config._getbool),
        ("smtp_user", _text),
        # secret: read verbatim from the config file
        ("smtp_pass", _text),
        ("smtp_ssl", Config._getbool),
        ("from_email", _text),
        ("use_monospace_font", Config._getbool),
        ("syslog_server", _text),
        ("syslog_port", Config._getint),
        ("syslog_stream", _text),
        ("syslog_kwargs", Config._getjson),
    )
    config_dict: Dict[str, Any] = {
        option: read(parser, option) for option, read in readers
    }
    return config_dict