kacperszurek / burp_wp

Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.
https://security.szurek.pl/
MIT License

Burp_wp_database.db how to download? #1

Closed s1xg0d closed 4 years ago

s1xg0d commented 6 years ago

Burp_wp_database.db how to download?

kacperszurek commented 6 years ago

Database is downloaded automatically after you install and enable Burp WP.

You can also force download using Update button.

update

If you still don't get update status message (Themes: 283, Plugins: 1613) please enable Debug mode and try again.

Now go to Extender->Extensions->Burp WP->Output.

database_fail

Accessing the Internet through a proxy is not currently supported. In that case you can use the Offline database.

You can also try to use this little python script for downloading database without Burp:

import requests
import os
import collections
import json

# File the assembled database is written to.
database_name = 'burp_wp_database.db'

# One HTTP session shared by every request the script makes.
s = requests.Session()

# Parsed results: one insertion-ordered mapping per feed kind.
database = dict((kind, collections.OrderedDict()) for kind in ('plugins', 'themes'))

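def download_database(url, what):
    """Download one vulnerability feed and record its entries in ``database[what]``.

    Args:
        url: Location of the JSON feed; its digest is read from ``url + '.sha512'``.
        what: Key of the module-level ``database`` dict to fill, also used in
            the progress messages ('plugins' or 'themes' in this script).

    Entries without vulnerabilities are skipped. On a failed download or a
    digest mismatch a message is printed and the process exits with status 1.
    """
    import hashlib
    import sys

    def fetch(target, label):
        # A bounded timeout keeps a stalled connection from hanging the script.
        try:
            response = s.get(target, timeout=30)
        except requests.exceptions.RequestException as error:
            print("[-] Cannot download {}: {!r}".format(label, error))
            sys.exit(1)
        if response.status_code != requests.codes.ok:
            print("[-] Cannot download {}".format(label))
            # Non-zero status lets a wrapper tell a failed update from a good one.
            sys.exit(1)
        return response

    digest_response = fetch('{}.sha512'.format(url), '{} sha'.format(what))
    # NOTE(review): assumes the .sha512 resource holds the hex SHA-512 of the
    # feed body, optionally followed by a file name - confirm against the feed.
    digest_fields = digest_response.text.split()
    expected_sha = digest_fields[0].lower() if digest_fields else ''

    feed_response = fetch(url, what)
    # Check the body against the published digest before trusting it. This
    # catches truncated or corrupted downloads; the digest comes from the same
    # host as the feed, so it is not a defence against a compromised origin.
    actual_sha = hashlib.sha512(feed_response.content).hexdigest()
    if actual_sha != expected_sha:
        print("[-] Checksum mismatch for {}".format(what))
        sys.exit(1)
    loaded_json = feed_response.json()

    print("[+] {} downloaded".format(what))

    for name in loaded_json:
        vulnerabilities = loaded_json[name].get('vulnerabilities') or []
        if not vulnerabilities:
            continue
        bugs = []
        for vulnerability in vulnerabilities:
            bug = {'id': vulnerability['id'], 'title': vulnerability['title'].encode('utf-8'),
                   'vuln_type': vulnerability['vuln_type'].encode('utf-8'), 'reference': ''}

            # 'reference' stays '' unless at least one URL is listed.
            reference_urls = vulnerability.get('references', {}).get('url', [])
            references = [reference_url.encode('utf-8') for reference_url in reference_urls]
            if references:
                bug['reference'] = references
            if 'cve' in vulnerability:
                bug['cve'] = vulnerability['cve']
            # Only the first exploitdb id is kept; an empty list is skipped
            # instead of raising IndexError.
            if vulnerability.get('exploitdb'):
                bug['exploitdb'] = vulnerability['exploitdb'][0]

            # A missing or empty 'fixed_in' is stored as '0'.
            bug['fixed_in'] = vulnerability.get('fixed_in') or '0'
            bugs.append(bug)
        database[what][name] = bugs

    print("[+] {} parsed".format(what))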

# Pull both feeds into the in-memory database, then write it out as JSON.
for feed_url, kind in (
    ('https://data.wpscan.org/plugins.json', 'plugins'),
    ('https://data.wpscan.org/themes.json', 'themes'),
):
    download_database(feed_url, kind)

with open(database_name, "wb") as out_file:
    out_file.write(json.dumps(database))
print("[+] OK")
qing-root commented 4 years ago

Database is downloaded automatically after you install and enable Burp WP.

You can also force download using Update button.

update

If you still don't get update status message (Themes: 283, Plugins: 1613) please enable Debug mode and try again.

Now go to Extender->Extensions->Burp WP->Output.

database_fail

Accessing the Internet through a proxy is not currently supported. In that case you can use the Offline database.

You can also try to use this little python script for downloading database without Burp:

import requests
import os
import collections
import json

# File the assembled database is written to.
database_name = 'burp_wp_database.db'

# One HTTP session shared by every request the script makes.
s = requests.Session()

# Parsed results: one insertion-ordered mapping per feed kind.
database = dict((kind, collections.OrderedDict()) for kind in ('plugins', 'themes'))

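def download_database(url, what):
    """Download one vulnerability feed and record its entries in ``database[what]``.

    Args:
        url: Location of the JSON feed; its digest is read from ``url + '.sha512'``.
        what: Key of the module-level ``database`` dict to fill, also used in
            the progress messages ('plugins' or 'themes' in this script).

    Entries without vulnerabilities are skipped. On a failed download or a
    digest mismatch a message is printed and the process exits with status 1.
    """
    import hashlib
    import sys

    def fetch(target, label):
        # A bounded timeout keeps a stalled connection from hanging the script.
        try:
            response = s.get(target, timeout=30)
        except requests.exceptions.RequestException as error:
            print("[-] Cannot download {}: {!r}".format(label, error))
            sys.exit(1)
        if response.status_code != requests.codes.ok:
            print("[-] Cannot download {}".format(label))
            # Non-zero status lets a wrapper tell a failed update from a good one.
            sys.exit(1)
        return response

    digest_response = fetch('{}.sha512'.format(url), '{} sha'.format(what))
    # NOTE(review): assumes the .sha512 resource holds the hex SHA-512 of the
    # feed body, optionally followed by a file name - confirm against the feed.
    digest_fields = digest_response.text.split()
    expected_sha = digest_fields[0].lower() if digest_fields else ''

    feed_response = fetch(url, what)
    # Check the body against the published digest before trusting it. This
    # catches truncated or corrupted downloads; the digest comes from the same
    # host as the feed, so it is not a defence against a compromised origin.
    actual_sha = hashlib.sha512(feed_response.content).hexdigest()
    if actual_sha != expected_sha:
        print("[-] Checksum mismatch for {}".format(what))
        sys.exit(1)
    loaded_json = feed_response.json()

    print("[+] {} downloaded".format(what))

    for name in loaded_json:
        vulnerabilities = loaded_json[name].get('vulnerabilities') or []
        if not vulnerabilities:
            continue
        bugs = []
        for vulnerability in vulnerabilities:
            bug = {'id': vulnerability['id'], 'title': vulnerability['title'].encode('utf-8'),
                   'vuln_type': vulnerability['vuln_type'].encode('utf-8'), 'reference': ''}

            # 'reference' stays '' unless at least one URL is listed.
            reference_urls = vulnerability.get('references', {}).get('url', [])
            references = [reference_url.encode('utf-8') for reference_url in reference_urls]
            if references:
                bug['reference'] = references
            if 'cve' in vulnerability:
                bug['cve'] = vulnerability['cve']
            # Only the first exploitdb id is kept; an empty list is skipped
            # instead of raising IndexError.
            if vulnerability.get('exploitdb'):
                bug['exploitdb'] = vulnerability['exploitdb'][0]

            # A missing or empty 'fixed_in' is stored as '0'.
            bug['fixed_in'] = vulnerability.get('fixed_in') or '0'
            bugs.append(bug)
        database[what][name] = bugs

    print("[+] {} parsed".format(what))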

# Pull both feeds into the in-memory database, then write it out as JSON.
for feed_url, kind in (
    ('https://data.wpscan.org/plugins.json', 'plugins'),
    ('https://data.wpscan.org/themes.json', 'themes'),
):
    download_database(feed_url, kind)

with open(database_name, "wb") as out_file:
    out_file.write(json.dumps(database))
print("[+] OK")

Hi, I have the same problem as him. I could not update the Vul Themes and Plugins even when I used your method, i.e. running the Python script to update. [image] My network is OK; please give me an idea of how to solve the problem. I would be very grateful!