Closed domwhewell-sage closed 1 month ago
@domwhewell-sage thanks for taking this one! Looks good except for a few little things; once those are fixed we should be good to merge.
@domwhewell-sage thanks for updating it.
Doing some quick testing for this and I ran into an issue with the wpscan
binary not being found. I think it's because of the tool being installed as root.
Eventually I'd like to have an isolated ruby environment for BBOT. This would make a friendlier integration for any future ruby tools. However, implementing this cleanly this would require the shared module dependency feature in BBOT-2.0.
For now it should be enough to remove the {"become": True}
in the last step.
No worries hmm thats weird I didnt get that when i was running it as non-root... Perhaps i already had the gem installed...
This PR adds a new module for the wpscan tool as discussed in https://github.com/blacklanternsecurity/bbot/issues/1386
The user-agent and proxy will be inherited from the scan configuration and there are options for the user to pass a few of the more popular configuration options to wpscan I havent added all the wpscan config options but more can be added if desired.
The module accepts
HTTP_RESPONSE
andTECHNOLOGY
events.HTTP_RESPONSE
so it will scan all URLs that are not redirects just in case modules that emmit aTECHNOLOGY
event fail to detect the wordpress installation.The output parser raises pretty much all of the wpscan output with the exception of
xmlrpc
andreadme
detection's as those would be duplicates of ones emitted by nuclei