blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

New module: wpscan #1426

Closed domwhewell-sage closed 1 month ago

domwhewell-sage commented 1 month ago

This PR adds a new module for the wpscan tool as discussed in https://github.com/blacklanternsecurity/bbot/issues/1386

The user-agent and proxy will be inherited from the scan configuration, and there are options for the user to pass a few of the more popular configuration options to wpscan. I haven't added all the wpscan config options, but more can be added if desired.

The module accepts HTTP_RESPONSE and TECHNOLOGY events: HTTP_RESPONSE so that it will scan all URLs that are not redirects, just in case modules that emit a TECHNOLOGY event fail to detect the WordPress installation.

The output parser raises pretty much all of the wpscan output, with the exception of xmlrpc and readme detections, as those would be duplicates of ones emitted by nuclei.

TheTechromancer commented 1 month ago

@domwhewell-sage thanks for taking this one! Looks good except for a few little things; once those are fixed we should be good to merge.

TheTechromancer commented 1 month ago

@domwhewell-sage thanks for updating it.

Doing some quick testing for this and I ran into an issue with the wpscan binary not being found. I think it's because of the tool being installed as root.

Eventually I'd like to have an isolated ruby environment for BBOT. This would make a friendlier integration for any future ruby tools. However, implementing this cleanly would require the shared module dependency feature in BBOT-2.0.

For now it should be enough to remove the {"become": True} in the last step.

domwhewell-sage commented 1 month ago

No worries. Hmm, that's weird, I didn't get that when I was running it as non-root... Perhaps I already had the gem installed...