Merge pull request #9 from tristanlatr/develop
Version 0.5.7
tristanlatr authored Apr 12, 2020
2 parents ead95fb + 565945f commit f6f84fe
Showing 14 changed files with 1,403 additions and 1,429 deletions.
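--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+# WPWatcher Dockerfile
+FROM ruby:alpine
+# Install dependencies ruby gem
+RUN apk --update add --virtual build-dependencies ruby-dev build-base &&\
+apk --update add curl &&\
+apk --update add git
+# Install WPScan lastest tested version
+RUN gem install wpscan -v 3.7.11
+# Python install
+ENV PYTHONUNBUFFERED=1
+RUN apk add --no-cache python3
+
+# Setup user and group if specified
+ARG USER_ID
+# ARG GROUP_ID
+# Delete curent user
+RUN deluser --remove-home wpwatcher >/dev/null 2>&1 || true
+# RUN delgroup wp >/dev/null 2>&1 || true
+# Init folder tree
+RUN mkdir /wpwatcher && mkdir /wpwatcher/.wpwatcher
+# Add only required scripts
+ADD setup.py /wpwatcher
+ADD README.md /wpwatcher
+COPY ./wpwatcher/* /wpwatcher/wpwatcher/
+WORKDIR /wpwatcher
+# Install WPWatcher
+RUN python3 ./setup.py install
+RUN if [ ${USER_ID:-0} -ne 0 ]; then adduser -h /wpwatcher -D -u ${USER_ID} wpwatcher; fi
+RUN adduser -h /wpwatcher -D wpwatcher >/dev/null 2>&1 || true
+# RUN if [ ${GROUP_ID:-0} -ne 0 ]; then addgroup -g ${GROUP_ID} wp && addgroup wpwatcher wp ; fi
+RUN chown -R wpwatcher /wpwatcher
+USER wpwatcher
+# Run command
+ENTRYPOINT ["wpwatcher"]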
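Review bot: The `build-dependencies` virtual package created in the first `RUN` is never removed, so the compiler toolchain (`ruby-dev`, `build-base`) stays in the image that goes on to run scans as `wpwatcher`. Installing the gem in the same layer and deleting the virtual package afterwards would keep it out of the runtime filesystem, e.g. `RUN apk add --no-cache --virtual build-dependencies ruby-dev build-base && gem install wpscan -v 3.7.11 && apk del build-dependencies`; this presumably leaves WPScan working, since the toolchain is only needed to compile native extensions, but it should be confirmed with a test scan. Separately, `FROM ruby:alpine` is a floating tag while WPScan is pinned to 3.7.11, so pinning the base image to a specific tag or digest would make the build reproducible and the "tested version" comment accurate.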
207 changes: 136 additions & 71 deletions README.md

Large diffs are not rendered by default.

Binary file modified screens/reports-summary-wprs.png
7 changes: 3 additions & 4 deletions setup.py
Expand Up @@ -15,7 +15,7 @@ def parse_setup(key):
# The directory containing this file
HERE = pathlib.Path(__file__).parent
# Read and store wpwatcher.py file
WPWATCHER = (HERE / "wpwatcher.py").read_text()
WPWATCHER = (HERE / "wpwatcher" / "__init__.py").read_text()
# The text of the README file
README = (HERE / "README.md").read_text()

Expand All @@ -25,9 +25,8 @@ def parse_setup(key):
url = parse_setup('GIT_URL'),
maintainer = parse_setup('AUTHORS'),
version = parse_setup('VERSION'),
py_modules = ['wpscan_parser'],
entry_points = {'console_scripts': ['wpwatcher=wpwatcher:wpwatcher'],},
scripts = ['wpwatcher.py','wpscan_parser.py'],
packages = ['wpwatcher',],
entry_points = {'console_scripts': ['wpwatcher = wpwatcher.cli:main'],},
classifiers = ["Programming Language :: Python :: 3"],
license = 'Apache License 2.0',
long_description = README,
155 changes: 12 additions & 143 deletions test.py
100644 → 100755
@@ -1,10 +1,14 @@

#! /usr/bin/env python3
#
# Wordpress Watcher test script
#
# DISCLAIMER - USE AT YOUR OWN RISK.
"""
Requirements
pip install pytest
pip install codecov
pip install pytest-cov
# pip install pytest
# pip install codecov
# pip install pytest-cov
"""
import json
import re
Expand All @@ -13,8 +17,8 @@
import argparse
from datetime import datetime, timedelta
import unittest
import wpwatcher
from wpwatcher import WPWatcher, build_config
from wpwatcher.core import WPWatcher
from wpwatcher.config import WPWatcherConfig

def parse_args():
parser = argparse.ArgumentParser(description='WPWatcher test script')
Expand All @@ -33,158 +37,23 @@ def get_sites(self):
[ s.append({'url':url.strip()}) for url in f.readlines() ]
return s

def test_simple(self):
w=WPWatcher({
'wp_sites' :self.get_sites(),
'false_positive_strings' : ['No WPVulnDB API Token given, as a result vulnerability data has not been output'],
'wpscan_path':'wpscan',
'log_file':"",
'wpscan_args':["--no-banner","--random-user-agent"],
'send_email_report':False,
'send_errors':False,
'email_to':[],
'email_errors_to':[],
'send_warnings':True,
'send_infos':True,
'attach_wpscan_output':False,
'smtp_server':"",
'smtp_auth':False,
'smtp_user':"",
'smtp_pass':"",
'smtp_ssl':False,
'from_email':"",
'quiet':False,
'verbose':False,
'fail_fast':False,
'api_limit_wait':False,
'daemon':False,
'daemon_loop_sleep':timedelta(seconds=0),
'resend_emails_after':timedelta(seconds=0),
'wp_reports':'./test.json',
'asynch_workers':3,
'follow_redirect':True
})
exit_code, results=w.run_scans_and_notify()
self.assertEqual(0, exit_code)

def test_error(self):
w=WPWatcher({
'wp_sites' :[{'url':'exemple.com'}],
'false_positive_strings' : ['No WPVulnDB API Token given, as a result vulnerability data has not been output'],
'wpscan_path':'wpscan',
'log_file':"",
'wpscan_args':["--no-banner","--random-user-agent"],
'send_email_report':False,
'send_errors':False,
'email_to':[],
'email_errors_to':[],
'send_warnings':True,
'send_infos':True,
'attach_wpscan_output':False,
'smtp_server':"",
'smtp_auth':False,
'smtp_user':"",
'smtp_pass':"",
'smtp_ssl':False,
'from_email':"",
'quiet':False,
'verbose':False,
'fail_fast':False,
'api_limit_wait':False,
'daemon':False,
'daemon_loop_sleep':timedelta(seconds=0),
'resend_emails_after':timedelta(seconds=0),
'wp_reports':'',
'asynch_workers':3,
'follow_redirect':True
})
exit_code, results=w.run_scans_and_notify()
self.assertEqual(-1, exit_code)

def test_json(self):
w=WPWatcher({
'wp_sites' :self.get_sites(),
'false_positive_strings' : ['No WPVulnDB API Token given, as a result vulnerability data has not been output'],
'wpscan_path':'wpscan',
'log_file':"",
'wpscan_args':["--no-banner","--random-user-agent", "--format", "json"],
'send_email_report':False,
'send_errors':False,
'email_to':[],
'email_errors_to':[],
'send_warnings':True,
'send_infos':True,
'attach_wpscan_output':False,
'smtp_server':"",
'smtp_auth':False,
'smtp_user':"",
'smtp_pass':"",
'smtp_ssl':False,
'from_email':"",
'quiet':False,
'verbose':False,
'fail_fast':False,
'api_limit_wait':False,
'daemon':False,
'daemon_loop_sleep':timedelta(seconds=0),
'resend_emails_after':timedelta(seconds=0),
'wp_reports':'./test-parse-json.json',
'asynch_workers':3,
'follow_redirect':True
})
exit_code, results=w.run_scans_and_notify()
self.assertEqual(0, exit_code)

def test_config(self):
config="""
[wpwatcher]
wpscan_args=[ "--format", "cli",
"--no-banner",
"--random-user-agent",
"--disable-tls-checks" ]
# False positive string matches
# false_positive_strings=["You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"]
# Sites (--url or --urls)
wp_sites=%s
# Notifications (--send , --em , --infos , --errors , --attach , --resend)
send_email_report=Yes
# email_to=["you@domain"]
send_infos=Yes
send_errors=Yes
send_warnings=No
attach_wpscan_output=Yes
resend_emails_after=5d
# email_errors_to=["admins@domain"]
# Sleep when API limit reached (--wait)
# api_limit_wait=Yes
# Daemon settings (recommended to use --daemon)
# daemon=No
daemon_loop_sleep=5m
# Output (-q , -v)
# log_file=./wpwatcher.log
# quiet=Yes
# verbose=Yes
# Custom database (--reports)
wp_reports=./test.json
# Exit if any errors (--ff)
# fail_fast=Yes
follow_redirect=Yes
"""%(json.dumps(self.get_sites()))
with open('./wpwatcher.conf', 'w') as configfile:
configfile.write(config)
w=WPWatcher(build_config({}))
w=WPWatcher(WPWatcherConfig(string=config).build_config()[0])
exit_code, results=w.run_scans_and_notify()
self.assertEqual(0, exit_code)



self.assertEqual(0, exit_code)
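Review bot: The failing-scan path loses its only test here: going by the section's 143 deletions, `test_error` (which expected `-1` for `exemple.com`) is dropped along with `test_simple` and `test_json`, leaving `test_config` and its `self.assertEqual(0, exit_code)`. For a monitoring tool the non-zero exit on a scan failure is what callers and alerting rely on, so an equivalent case built on the new API would be worth keeping, e.g. a config string with `wp_sites=[{"url":"exemple.com"}]` passed through `WPWatcherConfig(string=config).build_config()[0]` and checked with `self.assertEqual(-1, exit_code)`. The page does not mark which lines are old and which are new, so this reading is inferred from the counts; the hunk also starts inside `get_sites`, whose beginning is outside it.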
58 changes: 0 additions & 58 deletions tools/wprs.py

This file was deleted.
