wpscan.sh
Author | Rich Jones |
---|---|
Compatibility | Xymon 4.3 (likely will work on earlier versions also) |
Requirements | Bash, Ruby, WpScan |
Download | None |
Last Update | 2017-11-10 |
Description
A server side plugin that performs automated WpScan vulnerability tests against Wordpress websites.
Installation
Client side
Nothing to do on the client side, although you want to have some Wordpress sites to monitor.
Server side
Ensure you have WpScan installed https://wpscan.org/
Create a cronjob to auto-update the WpScan database
Place wpscan.sh in /usr/lib/xymon/server/ext (or wherever you have Xymon installed) and ensure it has the correct permissions.
Add the task to tasks.cfg
Add wpscan to the hosts you want to scan in your hosts.cfg
Source
crontab -e
tasks.cfg
wpscan.sh
Known Bugs and Issues
To Do
Parse the results and show the appropriate status colour
Credits
Changelog
- 2017-11-10
- Added in basic vulnerability detect that turns status red
- Change to the wpscan command to prevent SSL/TLS errors
- 2017-11-10
- Initial release