

wpscan.sh

Author Rich Jones
Compatibility Xymon 4.3 (likely will work on earlier versions also)
Requirements Bash, Ruby, WpScan
Download None
Last Update 2017-11-10

A server-side plugin that performs automated WpScan vulnerability tests against WordPress websites.

Client side

Nothing to do on the client side, although you will want some WordPress sites to monitor.

Server side

1. Ensure you have WpScan installed: https://wpscan.org/

2. Create a cron job to auto-update the WpScan database (crontab entry below).

3. Place wpscan.sh in /usr/lib/xymon/server/ext (or wherever you have Xymon installed) and ensure it has the correct permissions (executable by the Xymon user).

4. Add the task to tasks.cfg (entry below).

5. Add the wpscan tag, together with the URL to scan, to the hosts you want to scan in your hosts.cfg.

0 10 */5 * * /usr/bin/ruby /usr/lib/wpscan/wpscan.rb --update >/dev/null 2>&1

[wpscan]
        ENVFILE /usr/local/xymon/server/etc/xymonserver.cfg
        CMD /usr/local/xymon/server/ext/wpscan.sh
        LOGFILE $XYMONSERVERLOGS/wpscan.log
        INTERVAL 7d

#!/bin/bash
#
# wpscan.sh - run WpScan against every host tagged "wpscan" in hosts.cfg and
# report the raw scan output to Xymon. $XYMON and $XYMSRV are provided by the
# ENVFILE (xymonserver.cfg) named in tasks.cfg.

HOSTTAG=wpscan
COLUMN=$HOSTTAG
# Matches the first URL (http, https, ftp or file) found on a hosts.cfg line.
REGEX='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'

grep 'wpscan' /usr/local/xymon/server/etc/hosts.cfg | while read -r LINE ; do

        if [[ $LINE =~ $REGEX ]]
        then
                URL=${BASH_REMATCH[0]}
                # hosts.cfg lines are "IP hostname # tags ..."
                read -r IP MACHINE _ <<< "$LINE"
                # Xymon status reports use commas instead of dots in the host name
                MACHINECOMMAS=${MACHINE//./,}

                COLOR=green
                MSG="$HOSTTAG status for host $MACHINE"

                # --enumerate u: enumerate WordPress user names as part of the scan
                CMD="$(/usr/bin/ruby /usr/local/wpscan/wpscan.rb --url "${URL}" --enumerate u)"

                MSG="$MSG $CMD"

                $XYMON $XYMSRV "status $MACHINECOMMAS.$COLUMN $COLOR $(date) ${MSG}"
        fi

done

exit 0

To do: parse the WpScan results and set the appropriate status colour (the script above always reports green).
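One way to implement that to-do, as an added example that is not part of the original wpscan.sh: three shell functions that map WpScan's text report to a Xymon colour, keep only the flagged lines for the status body, and build the complete status report. The parsing assumes WpScan prefixes findings with "[!]" and plain information with "[+]" (adjust the patterns to the output of your installed version), treats a non-zero exit code as a scan that did not complete, and expects $XYMON / $XYMSRV from the ENVFILE in tasks.cfg exactly as the original script does. The sample reports, the host name www.example.com and a hosts.cfg entry such as "192.0.2.10 www.example.com # wpscan https://www.example.com/" are constructed for the example.

```shell
#!/bin/bash
# Added example, not part of the original wpscan.sh: turn WpScan's text
# report into a Xymon colour and a status message. Assumptions:
#   - WpScan prefixes findings with "[!]" and plain info with "[+]"
#   - a non-zero exit code means the scan did not complete
#   - $XYMON / $XYMSRV come from the ENVFILE in tasks.cfg, as in wpscan.sh

# wpscan_colour OUTPUT -> prints red, yellow or green
#   red    : a "[!]" line mentions a vulnerability
#   yellow : any other "[!]" warning (exposed version, readable files, ...)
#   green  : nothing flagged
wpscan_colour() {
    if printf '%s\n' "$1" | grep -Eqi '^\[!\].*vulnerab'; then
        echo red
    elif printf '%s\n' "$1" | grep -Eq '^\[!\]'; then
        echo yellow
    else
        echo green
    fi
}

# wpscan_summary OUTPUT -> prints only the flagged lines for the status body
wpscan_summary() {
    printf '%s\n' "$1" | grep -E '^\[!\]' || true
}

# build_status MACHINE COLUMN EXITCODE OUTPUT -> prints the complete Xymon
# status report. A scan that did not run is reported yellow, never green,
# so a broken scanner cannot silently look like a clean site.
build_status() {
    local machine="$1" column="$2" rc="$3" output="$4"
    local colour msg hostcommas
    hostcommas=$(printf '%s' "$machine" | tr . ,)   # Xymon wants dots as commas
    if [ "$rc" -ne 0 ] || [ -z "$output" ]; then
        colour=yellow
        msg="wpscan did not complete (exit code $rc)"
    else
        colour=$(wpscan_colour "$output")
        msg=$(wpscan_summary "$output")
        [ -n "$msg" ] || msg="no findings"
    fi
    printf 'status %s.%s %s %s\nwpscan status for host %s\n\n%s\n' \
        "$hostcommas" "$column" "$colour" "$(date)" "$machine" "$msg"
}

# Constructed sample reports (not real scan output) covering the three cases.
SAMPLE_CLEAN='[+] URL: https://www.example.com/
[+] WordPress version 4.9 identified
[+] Enumerating usernames ...
[+] No usernames found'

SAMPLE_WARN='[+] URL: https://www.example.com/
[!] The WordPress readme.html file exists exposing a version number
[+] WordPress version 4.8 identified'

SAMPLE_VULN='[+] URL: https://www.example.com/
[!] The WordPress readme.html file exists exposing a version number
[!] 2 vulnerabilities identified from the version number
[!] Title: constructed example finding'

# Wiring into the loop of wpscan.sh replaces its CMD/status lines with:
#   OUT=$(/usr/bin/ruby /usr/local/wpscan/wpscan.rb --url "$URL" --enumerate u 2>&1); RC=$?
#   $XYMON $XYMSRV "$(build_status "$MACHINE" "$COLUMN" "$RC" "$OUT")"
# Stand-alone demonstration on the constructed samples:
build_status www.example.com wpscan 0 "$SAMPLE_CLEAN"
build_status www.example.com wpscan 0 "$SAMPLE_VULN"
build_status www.example.com wpscan 1 ""
```

Capturing stderr (2>&1) and the exit code in the wiring shown in the comments is what lets a scanner failure (Ruby missing, database update broken, site unreachable) reach the Xymon status as yellow instead of being lost in the task log while the column stays green.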

  • 2017-11-10
    • Initial release
  • Last modified: 2017/11/10 11:47
  • by rich