Closed tristanlatr closed 4 years ago
Here are some other resources that I found about parsing wpscan json
Where can we find a list of all possible fields in the json output?
Thanks
You can find all the fields for the JSON output in the views/json folders at:
The references field contains various fields: cve, exploitdb, url, metasploit, packetstorm, securityfocus and wpvulndb, which will be arrays of ids (except for the url field), ie:
"references": {
  "cve": [
    "2015-5535"
  ],
  "url": [
    "https://seclists.org/bugtraq/2015/Jul/139",
    "https://www.immuniweb.com/advisory/HTB23265"
  ],
  "wpvulndb": [
    "8120"
  ]
}
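As an added example (not code from WPScan or WPWatcher), one way to consume the references object shown above is to walk the parsed JSON, find every "references" object and flatten it into (kind, value) pairs. The sample input is constructed; its nesting under "plugins" and "version" with a "vulnerabilities" array, and the choice to prefix CVE ids with "CVE-", are assumptions of this sketch.

```python
import json


def flatten_references(refs):
    """Turn one "references" object into a sorted list of (kind, value) pairs."""
    out = set()
    for kind, values in refs.items():
        if isinstance(values, str):      # tolerate a bare string instead of an array
            values = [values]
        if not isinstance(values, list):
            continue                     # unexpected shape: skip rather than crash
        for value in values:
            value = str(value).strip()
            if not value:
                continue
            # Assumption: ids arrive without the prefix, e.g. "2015-5535"
            if kind == "cve" and not value.upper().startswith("CVE-"):
                value = "CVE-" + value
            out.add((kind, value))
    return sorted(out)


def collect_references(node, path="$"):
    """Yield (json_path, pairs) for every "references" object in parsed JSON."""
    if isinstance(node, dict):
        for key, child in node.items():
            if key == "references" and isinstance(child, dict):
                yield path, flatten_references(child)
            else:
                yield from collect_references(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from collect_references(child, f"{path}[{i}]")


# Constructed sample input (layout around "references" is assumed, not from the thread).
SAMPLE = json.loads("""
{"plugins": {"example-plugin": {"vulnerabilities": [
  {"references": {"cve": ["2015-5535"],
                  "url": ["https://seclists.org/bugtraq/2015/Jul/139",
                          "https://www.immuniweb.com/advisory/HTB23265"],
                  "wpvulndb": ["8120"]}}]}},
 "version": {"vulnerabilities": [
  {"references": {"url": "https://example.invalid/advisory"}}]}}
""")

if __name__ == "__main__":
    for where, pairs in collect_references(SAMPLE):
        print(where, pairs)
```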
Hi, thanks @erwanlr I've put together some Python code here to parse WPScan output with the new infos I got from different sources https://github.com/tristanlatr/WPWatcher/blob/master/wpwatcher/parser.py
About CLI parsing, should "[i]" be considered as warning?
No, this is a notice display, such as
[i] No Config Backups Found.
However, I just saw that valid credentials found are also displayed like a notice
[i] Valid Combinations Found:
| Username: admin, Password: admin
So I've changed that (https://github.com/wpscanteam/wpscan/commit/6d381ab88ddcaf68a31b22055596bfe7a7f07537)
I would not recommend to parse the CLI output though, the JSON output was created for such purpose
Thanks for your quick response.
Another question about CLI formatting...
I can't find the place where all critical_icon, notice_icon, warning_icon and info_icon are defined, can you help me with that? It looks like warning_icon and critical_icon are the same [!], is that correct?
Thanks
*_icon are defined at https://github.com/wpscanteam/CMSScanner/blob/master/app/formatters/cli.rb
Yes, warning_icon and critical_icon are [!], with different colours
Thanks that's great help !
Would it be relevant to use warning_icon when a WP version is outdated too?
[+] WordPress version 5.1.1 identified (Insecure, released on 2019-03-13).
Hello, I'm helping with this Python wrapper for WPScan, WPWatcher, and I'd like your input on the way the wpscan output parsing is done.
When using --format cli, the script will consider every blank line as a message separator. Messages will be warning if they match "| [!]" or "insecure", alert if they match "[!]", else info. The "insecure" string match for warning is hard coded to trigger a warning when the WP version is outdated...
When using --format json, the script will parse the "interesting_findings" (for infos), "main_theme", "version" and "plugins" fields of the JSON output, for warnings on outdated versions and alerts if vulnerable.
Would it be relevant to add some other parsing feature to this?
Check here to see parser code : https://github.com/tristanlatr/WPWatcher/blob/master/wpwatcher/parser.py
Thanks for your input !