lukaspustina / wpscan-analyze

Analyzes wpscan json output and checks for vulnerabilities
MIT License

analysis fails when main theme is not present #2

Closed aaronwbrown closed 4 years ago

aaronwbrown commented 4 years ago

Thank you for the work you have put into this library. I am encountering an error on use.

The WP theme is not present in my wpscan output, resulting in an error when running wpscan-analyze.

wpscan-analyze -f /tmp/wpscan-out.json  -s
Error: Error { inner:

WpScan is not sane, because Main theme could not be recognized. }

I have not touched Rust before; however, I am happy to take a look and submit a PR. 🤷‍♂

lukaspustina commented 4 years ago

Hi @aaronwbrown,

I've seen this before. Since there is no DTD or any other kind of specification for the wpscan results file, most probably one of my assumptions about the format does not hold (anymore).

If I provided you with a safe upload link, would you be able to share your scan results file with me? In this way, I could adapt the internal data structure to support your case. If not, we would need to do some trial and error until we find the part that cannot yet be successfully parsed.

tristanlatr commented 4 years ago

Hello,

I've been working myself on parsing json and cli output from WPScan and here is what I got: WPWatcher

You can have a look at the parser from here. I used some of your code to inspire myself. The "main_theme" item can be null in WPScan json output, this parser handles that case.

The parser only parses "interesting_findings", "main_theme", "version" and "plugins" items.

Would be nice that WPWatcher supports wpscan-analyze parser to report by email ;-)

lukaspustina commented 4 years ago

@aaronwbrown Just checking back on you. Is this still an issue for you?

tristanlatr commented 4 years ago

> Since there is no DTD or any other kind of specification for the wpscan results file

All the WPScan fields for the JSON output are in the views/json folders at:

https://github.com/wpscanteam/CMSScanner/tree/master/app/views/json and https://github.com/wpscanteam/wpscan/tree/master/app/views/json

In theme.erb we can see that theme can be null. If your code doesn't handle that case, the issue is still there for sure.

lukaspustina commented 4 years ago

@tristanlatr Nice pointer! Thanks. Give me a few days and I'll publish a new version!

lukaspustina commented 4 years ago

@tristanlatr and @aaronwbrown Turns out the data structure already accounts for a missing main theme, but the sanity check required it. I've changed that and the pipeline should spit out a new release shortly. Let me know if this helps.
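
An added Python sketch, not part of the thread and not wpscan-analyze's own Rust code, of the failure and fix discussed above: a parser that tolerates a null "main_theme", run once with a sanity check that requires the theme and once with one that does not. The sample JSON is constructed, and the nested field layout, function names and status labels are assumptions.

```python
import json

# Constructed sample, not real scan output. Top-level keys are the ones named in
# the thread; the nested "number"/"vulnerabilities" layout is an assumption.
SAMPLE = """{
  "version": {"number": "5.4.1", "vulnerabilities": []},
  "main_theme": null,
  "plugins": {"example-plugin": {"version": {"number": "1.2"},
              "vulnerabilities": [{"title": "constructed finding"}]}}
}"""

KNOWN_KEYS = ("interesting_findings", "version", "main_theme", "plugins")


def strict_sanity(doc):
    """Reported behaviour: a result without a main theme is rejected outright."""
    if doc.get("main_theme") is None:
        raise ValueError("Main theme could not be recognized")


def lenient_sanity(doc):
    """Reject only input that does not look like a WPScan result (assumed rule)."""
    if not isinstance(doc, dict) or not any(k in doc for k in KNOWN_KEYS):
        raise ValueError("not a WPScan result")


def summarise(node, version_node):
    """Map one component to a status; None means WPScan did not detect it."""
    if node is None:
        return {"version": None, "vulns": 0, "status": "unknown"}
    number = (version_node or {}).get("number")
    vulns = len(node.get("vulnerabilities") or [])
    status = "vulnerable" if vulns else ("ok" if number else "unknown")
    return {"version": number, "vulns": vulns, "status": status}


def analyze(text, sanity=lenient_sanity):
    """Parse a WPScan JSON result, sanity-check it, and report per component."""
    doc = json.loads(text)
    sanity(doc)
    wp, theme = doc.get("version"), doc.get("main_theme")
    report = {
        "wordpress": summarise(wp, wp),
        "main_theme": summarise(theme, (theme or {}).get("version")),
    }
    for slug, plugin in (doc.get("plugins") or {}).items():
        report["plugin:" + slug] = summarise(plugin, plugin.get("version"))
    return report


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE), indent=2))
```

With the lenient check the undetected theme is reported as "unknown" and the plugin finding still surfaces, instead of the whole scan result being discarded.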