otomatisasi audit wordpress
2024-08-27
Skrip untuk mengunduh setiap plugin Wordpress (diperbarui dalam 2 tahun terakhir) dan menjalankan Semgrep pada sebagian besar plugin sambil menyimpan output dalam database.
Tulisan lengkap: https://projectblack.io/blog/cve-hunting-at-scale/
Ingin langsung melihat kumpulan data?
Unduh mysqldump terbaru di sini: https://github.com/prjblk/wordpress-audit-automation/releases
git clone https://github.com/prjblk/wordpress-audit-automation
cp config.ini.sample config.ini
nano config.ini
pip install -r requirements.txt
$ python3 wordpress-plugin-audit.py -h
usage: wordpress-plugin-audit.py [-h] [--download] [--download-dir DOWNLOAD_DIR] [--audit] [--config CONFIG] [--create-schema] [--clear-results] [--verbose]
Downloads or audits all Wordpress plugins.
options:
-h, --help show this help message and exit
--download Download and extract plugins, if plugin directory already exists, it will delete it and redownload
--download-dir DOWNLOAD_DIR
The directory to save/audit downloaded plugins (default: current directory)
--audit Audits downloaded plugins sequentially
--config CONFIG Semgrep config/rules to run - https://semgrep.dev/docs/running-rules#running-semgrep-registry-rules-locally (default: p/php)
--create-schema Create the database and schema if this flag is set
--clear-results Clear audit table and then run, useful if run as a cron job and we only care about the latest release
--verbose Print detailed messages
$ python3 wordpress-plugin-audit.py --download --audit --create-schema
Downloading plugins: 100%|███████████████████████████████████| 2/2 [00:49<00:00, 24.65s/it]
Auditing plugins: 10%|█████ | 2/20 [00:05<00:47, 2.62s/it]
Anda dapat fokus pada kelas kerentanan tertentu dengan menanyakan keluaran yang berkaitan dengan aturan tertentu.
USE SemgrepResults;
SELECT PluginResults.slug,PluginData.active_installs,PluginResults.file_path,PluginResults.start_line,PluginResults.vuln_lines
FROM PluginResults INNER JOIN PluginData ON PluginResults.slug = PluginData.slug
WHERE check_id = "php.lang.security.injection.tainted-sql-string.tainted-sql-string"
ORDER BY active_installs DESC
Jika Anda memiliki masalah dengan mengaudit plugin, pastikan Anda dapat menjalankan segrep di baris perintah secara normal terlebih dahulu.