umutphp/wp-vulnerability-check

Checks the WPScan Vulnerability Database through its API to identify security issues in the installed plugins and in WordPress itself.

0.3.9 2021-06-13 16:33 UTC

README


WordPress Vulnerability Check (wp-vulnerability-check) is a console application that checks the WPScan Vulnerability Database through its API to identify security issues in the installed WordPress plugins.

If you run WordPress as part of your application and rely on third-party WordPress plugins for business logic, you can run wp-vulnerability-check in your CI pipeline to check them for vulnerabilities. You need to obtain a token from wpscan.com to access the API.

WordPress Vulnerability Check

Table of Contents

How to use

Requirements

wp-vulnerability-check requires PHP version 5.6.0 or higher.

Installation

It can be installed as a standalone tool or used as a test step in a CI pipeline.

composer require umutphp/wp-vulnerability-check

CLI options

After a successful installation, you can display the options as follows:

 ./wp-vulnerability-check --help
---------------------------
WP Vulnerability Check version 0.2.2
---------------------------
Usage: wp-vulnerability-check [options]
Options:
    --config            Full path for the YAML config file. A sample config
                        file is .wvc.yml.sample in root folder. CLI arguments
                        override the values in config file.
    --path              Full path of your WordPress installation.
    --plugins-path      Relative path of the plugin folder. It is optional.
                        Please specify if you don't use default plugin folder.
    --mu-plugins-path   Relative path of the mu plugin folder. It is optional.
                        Please specify if you don't use default mu plugin folder.
    --themes-path       Relative path of the theme folder. It is optional.
                        Please specify if you don't use default theme folder.
    --token             Token got from wpscan.com
    --exclude           Exclude the plugins given in comma separated format.
    --output            The format of output. Valid values JSON, READABLE, HTML,
                        NO (Default).
    --no-colors         Disable the console colors. It is enabled by default.
    --version           Show version.
    --help              Print this help.

An example run:

$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable

Checking WordPress version ...

.
------------------------------------------------------------
Vulnerability Details


Checking plugins...

.......

Checked 7 plugins in 2 second, no vulnerability found.

The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader.
PS: You can exclude your custom plugins with --exclude parameter.

Checking theme...

.

Checked 1 theme in 0.2 second, no vulnerability found.

The theme which is not in WPScan Vulnerability Database; simple-days.
PS: You can exclude your custom themes with --exclude parameter.
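The READABLE output above is what a CI step has to act on. The following shell helpers are an added example, not part of wp-vulnerability-check: they parse a constructed sample of that output to decide whether the pipeline may pass, and collect the plugin and theme names the tool could not find in the WPScan database so they can be reviewed and handed to --exclude. The "Checked ..." and "not in WPScan Vulnerability Database" line formats are taken from the example run above; any other wording is assumed to mean a finding.

```shell
#!/bin/sh
# Added example: post-process wp-vulnerability-check READABLE output in CI.

# Constructed sample, modelled on the example run in this README.
SAMPLE_OUTPUT='Checking WordPress version ...

.
------------------------------------------------------------
Vulnerability Details

Checking plugins...

.......

Checked 7 plugins in 2 second, no vulnerability found.

The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello.
PS: You can exclude your custom plugins with --exclude parameter.

Checking theme...

.

Checked 1 theme in 0.2 second, no vulnerability found.

The theme which is not in WPScan Vulnerability Database; simple-days.'

# Print 0 when every "Checked ..." summary line ends in "no vulnerability found."
# and at least one such line exists; print 1 otherwise (fail the pipeline).
wvc_status() {
    checked=$(printf '%s\n' "$1" | grep -c '^Checked ' || true)
    clean=$(printf '%s\n' "$1" | grep -c '^Checked .*no vulnerability found\.$' || true)
    [ "$checked" -gt 0 ] && [ "$checked" -eq "$clean" ] && echo 0 || echo 1
}

# Collect the plugin/theme names the tool could not look up, as the
# comma-separated list --exclude expects (review them before excluding).
wvc_unknown() {
    printf '%s\n' "$1" \
      | sed -n 's/^The .* not in WPScan Vulnerability Database; \(.*\)\.$/\1/p' \
      | sed 's/, /,/g' | tr '\n' ',' | sed 's/,$//'
}
```

In a pipeline, replace SAMPLE_OUTPUT with the captured output of the real run and use `wvc_status` as the step's exit code.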

Issues

Bug reports and feature requests can be submitted through the GitHub issue tracker.

Contributing

See CONTRIBUTING.md for more information.

Code of Conduct

See CODE_OF_CONDUCT for more information.