wpwatcher 2.4.7

WordPress Watcher - Automating WPScan to scan and report vulnerable Wordpress sites

WPWatcher

Automating WPScan to scan and report vulnerable Wordpress sites

Features

• Scan multiple sites with WPScan
• Parse WPScan output and divide the results in "Alerts", "Warnings", "Informations" and eventually "Errors"
• Handled VulnDB API limit
• Define reporting emails addresses for every configured site individually and globally (wiki/Email-reports)
• Define false positives strings for every configured site individually and globally (wiki/False-positives)
• Define WPScan arguments for every configured site individually and globally (wiki/WPScan-configuration)
• Send scan reports to Syslog server (wiki/Syslog-output)
• Save raw WPScan output into files
• Log file can also lists all the findings (wiki/Output)
• Speed up scans using several asynchronous workers
• Parse and follow URL redirection if WPScan fails and propose to ignore main redirect
• Scan sites continuously at defined interval and configure script as a linux service (wiki/Linux-service)
• Additionnal alerts depending of finding type (SQL dump, etc.) (match list)
• Keep track of fixed issues
• Simple library usage (wiki/Library-usage)

Prerequisites

• WPScan (itself requires Ruby and some libraries).
• Python 3

Install

With PyPi (stable)

python3 -m pip install 'wpwatcher' --upgrade

Installs WPWatcher without syslog output support

wpwatcher should be in your PATH.

Review the Wiki for more documentation.

Try it out

Simple usage
Scan 2 sites with default config.

wpwatcher --url exemple.com exemple1.com

More complete exemple
Load sites from text file , add WPScan arguments , follow redirection if WPScan fails , use 5 asynchronous workers , email custom recepients if any alerts with full WPScan output attached. If you reach your API limit, it will wait and continue 24h later.

wpwatcher --urls sites.txt \
        --wpscan_args "--force --stealthy --api-token <TOKEN>" \
        --follow_redirect \
        --workers 5 \
        --send --attach \
        --email_to collaborator1@office.ca collaborator2@office.ca \
        --api_limit_wait

WPWatcher must read a configuration file to send mail reports.
This exemple assume you have filled your config file with mail server setings.

Inspect a report in database

wpwatcher --show <site>

Configuration

Select config file with --conf File path. You can specify multiple files. Will overwrites the keys with each successive file.

Create and edit a new config file from template.

wpwatcher --template_conf > wpwatcher.conf
vim wpwatcher.conf

To load the config file by default, move the file to the following location:

• For Windows: %APPDATA%\.wpwatcher\wpwatcher.conf or %APPDATA%\wpwatcher.conf
• For Mac/Linux : $HOME/.wpwatcher/wpwatcher.conf or $HOME/wpwatcher.conf

See: All configuration options

Configuration exemple

Sample configuration file with full featured wp_sites entry, custom WPScan path and arguments, vuln DB api limit handling, email and syslog reporting

[wpwatcher]
wp_sites=   [ {   
                "url":"exemple.com",
                "email_to":["site_owner@domain.com"],
                "false_positive_strings":[
                    "Yoast SEO 1.2.0-11.5 - Authenticated Stored XSS",
                    "Yoast SEO <= 9.1 - Authenticated Race Condition"],
                "wpscan_args":["--stealthy"]
              },
              { "url":"exemple2.com"  }  ]
wpscan_path=/usr/local/rvm/gems/default/wrappers/wpscan
wpscan_args=[   "--format", "json",
                "--no-banner",
                "--random-user-agent", 
                "--disable-tls-checks",
                "--api-token", "YOUR_API_TOKEN" ]
api_limit_wait=Yes
send_email_report=Yes
email_to=["me@gmail.com"]
from_email=me@gmail.com
smtp_user=me@gmail.com
smtp_server=smtp.gmail.com:587
smtp_ssl=Yes
smtp_auth=Yes
smtp_pass=P@assW0rd
syslog_server=syslogserver.ca
syslog_port=514

Email reports

One report is generated per site and the reports are sent individually when finished scanning a website.

Questions ?

If you have any questions, please create a new issue.

Contribute

If you like the project and think you could help with making it better, there are many ways you can do it:

• Create new issue for new feature proposal or a bug
• Implement existing issues
• Help with improving the documentation
• Spread a word about the project to your collegues, friends, blogs or any other channels
• Any other things you could imagine
• Any contribution would be of great help

Running tests

pytest

Authors

• Florian Roth (Original author of WPWatcher v0.2)
• Tristan Landes