6 releases (stable)

1.0.4 Jun 26, 2020
1.0.3 Feb 3, 2020
1.0.2 Jul 18, 2019
1.0.0 May 31, 2019
0.0.2 May 31, 2019

#1677 in Parser implementations

MIT license

36KB
868 lines

wpscan-analyze

Analyzes wpscan json output and checks for vulnerabilities

Linux and macOS Build Status codecov GitHub release MIT licensed

wpscan checks WordPress installation for outdated versions, plugins, and themes. wpscan-analyze analyses wpscan's JSON output and signals results via exit status, JSON and human readable output.

Basic Usage

wpscan needs an input file in JSON format generated by a run of wpscan against a WordPress installation.

Run wpscan

wpscan --url https://lukas.pustina.de --update --output wpscan.json --format json

Run wpscan-analyze

> wpscan -f wpscan.json
wpscan-analyze version=0.0.2, log level=Level(Warn)
+--------------------------+---------+---------------+--------------------+------------+------------+
| Component                | Version | Version State | Vulnerabilities    | Processing | Result     |
+--------------------------+---------+---------------+--------------------+------------+------------+
| WordPress                | 4.9.10  |    Latest     | No vulnerabilities |     Ok     |     Ok     |
| Main Theme               | 3.2.1   |    Latest     | No vulnerabilities |     Ok     |     Ok     |
| Plugin: wp-super-cache   | 1.6.3   |   Outdated    | No vulnerabilities |     Ok     |  Outdated  |
| Plugin: wordpress-seo    | 8.0     |   Outdated    | 1 vulnerabilities  |     Ok     | Vulnerable |
| Plugin: jm-twitter-cards | 9.4     |   Outdated    | No vulnerabilities |     Ok     |  Outdated  |
+--------------------------+---------+---------------+--------------------+------------+------------+
Analyzer result summary: outdated=3, vulnerabilities=1, failed=0

> echo $?
11

Help

man 1 wpscan-analyze

Installation

Ubuntu [x86_64]

Please add my PackageCloud open source repository and install wpscan-analyze via apt.

curl -s https://packagecloud.io/install/repositories/lukaspustina/opensource/script.deb.sh | sudo bash
sudo apt-get install wpscan-analyze

Linux Binaries [x86_64]

There are binaries available at the GitHub release page. The binaries get compiled on Ubuntu.

macOS Binaries [x86_64]

There are binaries available at the GitHub release page.

Sources

Please install Rust via rustup and then run

git clone https://github.com/lukaspustina/wpscan-analyze
cd wpscan-analyze
cargo build

Postcardware

You're free to use wpscan-analyze. If you find it useful, I would highly appreciate you sending me a postcard from your hometown mentioning how you use wpscan-analyze. My work address is

Lukas Pustina
CenterDevice GmbH
Rheinwerkallee 3
53227 Bonn
German

Dependencies

~14–22MB
~332K SLoC