Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== wpscan.sh ====== ^ Author | [[ http://www.nothingatall.net | Rich Jones]] | ^ Compatibility | Xymon 4.3 (likely will work on earlier versions also) | ^ Requirements | Bash, Ruby, WpScan | ^ Download | None | ^ Last Update | 2017-11-10 | ===== Description ===== A server side plugin that performs automated WpScan vulnerability tests against Wordpress websites. ===== Installation ===== === Client side === Nothing to do on the client side, although you want to have some Wordpress sites to monitor. === Server side === Ensure you have WpScan installed [[https://wpscan.org/]] Create a cronjob to auto-update the WpScan database Place wpscan.sh in /usr/lib/xymon/server/ext (or wherever you have Xymon installed) and ensure it has the correct permissions. Add the task to tasks.cfg Add wpscan to the hosts you want to scan in your hosts.cfg ===== Source ===== ==== crontab -e ==== <hidden onHidden="Show Code ⇲" onVisible="Hide Code ⇱"> <code> 0 10 */5 * * /usr/bin/ruby /usr/lib/wpscan/wpscan.rb --update >/dev/null 2>&1 </code> </hidden> ==== tasks.cfg ==== <hidden onHidden="Show Code ⇲" onVisible="Hide Code ⇱"> <code> [wpscan] ENVFILE /usr/local/xymon/server/etc/xymonserver.cfg CMD /usr/local/xymon/server/ext/wpscan.sh LOGFILE $XYMONSERVERLOGS/wpscan.log INTERVAL 7d </code> </hidden> ==== wpscan.sh ==== <hidden onHidden="Show Code ⇲" onVisible="Hide Code ⇱"> <code> #!/bin/bash HOSTTAG=wpscan COLUMN=$HOSTTAG REGEX='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' grep -C 0 'wpscan' /usr/local/xymon/server/etc/hosts.cfg | while read -r LINE ; do if [[ $LINE =~ $REGEX ]] then URL=${BASH_REMATCH} SPLIT=($(echo "$LINE" | tr ' ' '\n')) IP=${SPLIT[0]} MACHINE=${SPLIT[1]} MACHINECOMMAS=${MACHINE//./,} COLOR=green MSG="$HOSTTAG status for host $MACHINE" CMD="$(/usr/bin/ruby /usr/local/wpscan/wpscan.rb --url ${URL} -enumerate u --disable-tls-checks)" if [[ $CMD == *"[!]"* ]]; then COLOR=red fi MSG="$MSG $CMD" $XYMON $XYMSRV "status $MACHINECOMMAS.$COLUMN $COLOR `date` ${MSG}" fi done exit 0 </code> </hidden> ===== Known Bugs and Issues ===== ===== To Do ===== Parse the results and show the appropriate status colour ===== Credits ===== [[https://wpscan.org/|WpScan]] ===== Changelog ===== * **2017-11-10** * Added in basic vulnerability detect that turns status red * Change to the wpscan command to prevent SSL/TLS errors * **2017-11-10** * Initial release monitors/wpscan.sh.txt Last modified: 2017/11/10 14:24by rich