lukaspustina / wpscan-analyze

Analyzes wpscan json output and checks for vulnerabilities
MIT License

Cannot parse wpscan json output #1

Closed juanluisbaptiste closed 4 years ago

juanluisbaptiste commented 4 years ago

Hi,

I'm trying to process a wpscan scan result with wpscan-analyze but I'm getting the following error:


$ wpscan --url https://www.site.com/ --api-token xxxxxxxxxxxxxxxxxx -f json -o out.json
$ wpscan-analyze --wpscan out.json -vvv
wpscan-analyze version=1.0.2, log level=Level(Trace)
DEBUG wpscan_analyze: args = Args {
    wpscan: "out.json",
    output_format: Human,
    output_detail: NotOkay,
    no_color: false,
    silent: false,
    verbosity: 3
}
INFO  wpscan_analyze: Loading wpscan file
Error: Error { inner: 

data has wrong format }

I can only get it to work with the example file in this repo, and taking a quick look, both look the same, just that mine is longer. Any ideas?

Thanks in advance.

lukaspustina commented 4 years ago

Hi,

I've seen this before. Since there is no DTD or any other kind of specification for the wpscan results file, most probably one of my assumptions about the format does not hold (anymore).

There are two options: You could share your results file with me -- outside of GitHub via a secure channel -- or I can add more debug output to pinpoint the offending part of the file. The second option may take a while and I'm not sure it will succeed.

I'm happy to help you debug this issue.

juanluisbaptiste commented 4 years ago

Hi @lukaspustina, I have no issues sharing the results file, just tell me where to send it.

lukaspustina commented 4 years ago

Perfect: Just browser-drag-n-drop the file onto this link: https://upload.centerdevice.de/18761a65-ea49-44a3-836b-65047bb968e3.

I'll come back to you asap.

juanluisbaptiste commented 4 years ago

Done.

lukaspustina commented 4 years ago

I received the file and I can confirm the issue. I'll get back to you asap.

lukaspustina commented 4 years ago

Hi.

I updated the internal data structures according to your results file. Can you double check using the current master? If it works for you, I'll publish a new version.

juanluisbaptiste commented 4 years ago

Ok I will test and report back.

juanluisbaptiste commented 4 years ago

It works, thanks!!

lukaspustina commented 4 years ago

@juanluisbaptiste Perfect. I'll publish a new version shortly.

Just one more thing: How did you discover this repo and does it serve you as intended?

lukaspustina commented 4 years ago

@juanluisbaptiste Latest release (v1.0.3) contains your fix. Please close the issue if everything works for you.

juanluisbaptiste commented 4 years ago

Closing then, thanks.

juanluisbaptiste commented 4 years ago

> Just one more thing: How did you discover this repo and does it serve you as intended?

How I discovered it? Looking on Google for a way to parse wpscan results.

Does it serve me as intended? To some point. What I liked most about this tool was the easy way to check all reported vulnerabilities, but what I'm still missing is a CSV output or something like that so I can create a report with LibreOffice.

When I ran into this bug I started working on a CSV parser for wpscan JSON output and it is almost finished. Maybe I can take a look and see if I can adapt it to read wpscan-analyze JSON output so you could add a CSV output option? Would this be a feature that makes sense to you?

juanluisbaptiste commented 4 years ago

I just realized that this project is done in Rust and I'm working in Python, so forget my suggestion...

lukaspustina commented 4 years ago

Have you tried to mangle wpscan-analyze's JSON output into a CSV using jq? Currently, the JSON document is not very well suited for a CSV transformation, because there are no arrays, but jq can do that, too.

For example, once you have transformed the JSON output into an array, jq can be used to create an array like this: jq -r '.myarray | @csv'.
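The object-to-rows step described in the comment above, done in Python instead of jq, as an added example that is not part of the original thread or the project's code. The JSON shape, field names and sample values are constructed assumptions, not wpscan-analyze's real schema; cells that a spreadsheet would read as formulas are prefixed with a quote, because scan results carry strings taken from the scanned site.

```python
import csv
import io
import json

# Constructed sample: an object keyed by component name, with no arrays.
# This shape is an assumption for illustration, not the tool's real output.
SAMPLE = json.loads("""
{
  "wordpress":  {"version": "5.4.1", "vulnerabilities": 2, "outdated": true},
  "main_theme": {"version": "1.2",   "vulnerabilities": 0, "outdated": false},
  "plugins": {
    "contact-form": {"version": "=1+1", "vulnerabilities": 1, "outdated": true}
  }
}
""")

FIELDS = ("component", "version", "vulnerabilities", "outdated")


def rows(node, path=()):
    """Yield one row per leaf object (an object whose values are all scalars).

    The key path to the leaf becomes the 'component' column. Scalars that sit
    next to nested objects on the same level are ignored.
    """
    if all(not isinstance(v, dict) for v in node.values()):
        yield {"component": "/".join(path), **node}
        return
    for key, child in node.items():
        if isinstance(child, dict):
            yield from rows(child, path + (key,))


def neutralize(value):
    """Prefix cells a spreadsheet would evaluate as a formula with a quote."""
    text = str(value)
    return "'" + text if text.startswith(("=", "+", "-", "@", "\t", "\r")) else text


def to_csv(document):
    """Flatten the keyed object into CSV text with a fixed column order."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for row in rows(document):
        writer.writerow({k: neutralize(row.get(k, "")) for k in FIELDS})
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(SAMPLE), end="")
```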

juanluisbaptiste commented 4 years ago

I have not tried it, thanks!!