wpscan_out_parse is a Python parser for WPScan output files (JSON and CLI). It analyze vulnerabilities, miscellaneous alerts and warnings and other findings.
Project description
WPScan Output Parser
wpscan_out_parse is a Python parser for WPScan output files (JSON and CLI).
It analyze vulnerabilities, miscellaneous alerts and warnings and other findings.
Features
- Support WPScan JSON and CLI output files
- Display results to stdout in CLI, JSON or HTML output format
- Generate a summary table of your wordpress component containing version and vulnerabilities
- Divide the results in "Alerts", "Warnings" and "Informations"
- Additionnal alerts depending of finding type (SQL dump, etc.)
- Signal result via exit code
- Ignore messages based on false positives strings
- Simple Python library usage
- Colorized output by default
Design of summary table is largely inspired by wpscan-analyze (Rust code).
Install
python3 -m pip install wpscan-out-parse
How to use
As a CLI tool
Run WPScan
wpscan --url https://mysite.com --output file.json --format json --api-token YOUR_API_TOKEN
Run wpscan_out_parse
python3 -m wpscan_out_parse file.json
And process output and/or exit code.
Exit codes
- 5 -> ALERT: Your WordPress site is vulnerable
- 6 -> WARNING: You WordPress site is oudated or potentially vulnerable
- 4 -> ERROR: WPScan failed
- 1 -> ERROR: Parser error
- 0 -> All OK
Exemples
Display results in HTML format
% python3 -m wpscan_out_parse ./test/output_files/potential_vulns.json --format html > html_output.html
As a Python library
See the API reference.
Additionnal alerts strings
Some additionnal warnings and alerts are raised when detecting the following strings in your output file.
Alerts
"SQL Dump found",
"Full Path Disclosure found",
"www.owasp.org/index.php/Full_Path_Disclosure",
"codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script",
"www.exploit-db.com/ghdb/3981/",
"A backup directory has been found",
"github.com/wpscanteam/wpscan/issues/422",
"ThemeMakers migration file found",
"packetstormsecurity.com/files/131957",
"Search Replace DB script found",
"interconnectit.com/products/search-and-replace-for-wordpress-databases/"
Warnings
"Upload directory has listing enabled",
"Registration is enabled",
"Debug Log found",
"codex.wordpress.org/Debugging_in_WordPress",
"Fantastico list found",
"www.acunetix.com/vulnerabilities/fantastico-fileslist/"
Full help
% python3 -m wpscan_out_parse -h
usage: python3 -m wpscan_out_parse [Options] <File path>
wpscan_out_parse is a Python parser for WPScan output files (JSON and CLI).
It analyze vulnerabilities, miscellaneous alerts and warnings and other findings.
positional arguments:
<File path> WPScan output file to parse.
optional arguments:
-h, --help show this help message and exit
--format <Format> output format, choices are: "cli", "html", "json"
--summary display ony the summary of issues per component.
--inline display only one line like: "WPScan result summary:
alerts={}, warnings={}, infos={}, error={}".
--no_warnings do not display warnings, only summary and alerts.
Implies --no_infos.
--no_infos do not display informations and findinds.
--no_summary do not display the summary of issues.
--show_all show all findings details (found by, confidence,
confirmed by).
--false_positive String [String ...]
consider all matching messages as infos and add
"[False positive]" prefix.
--no_color do not colorize output.
--version print wpscan_out_parse version and exit.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
wpscan_out_parse-1.9.3.tar.gz
(23.1 kB
view hashes)
Built Distribution
Close
Hashes for wpscan_out_parse-1.9.3-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fb89dd6e67efa28abece2e430810f4f79c1eb37ab8fcd6f16e6bd4a5b1b500ef |
|
| MD5 | 35ff2c27207789b798d6a41db80dfc43 |
|
| BLAKE2b-256 | dac79a0febd51f47d401a4409fae35711baf430659bc464ee0b362fb6eb8d65e |
