WordPress 审计自动化
2024-08-27
用于下载每个 Wordpress 插件(在过去 2 年更新)并在其中大量运行 Semgrep,同时将输出存储在数据库中的脚本。
完整文章:https://projectblack.io/blog/cve-hunting-at-scale/
想直接跳到查看数据集吗?
在这里下载最新的 mysqldump:https://github.com/prjblk/wordpress-audit-automation/releases
git clone https://github.com/prjblk/wordpress-audit-automation
cp config.ini.sample config.ini
nano config.ini
pip install -r requirements.txt
$ python3 wordpress-plugin-audit.py -h
usage: wordpress-plugin-audit.py [-h] [--download] [--download-dir DOWNLOAD_DIR] [--audit] [--config CONFIG] [--create-schema] [--clear-results] [--verbose]
Downloads or audits all Wordpress plugins.
options:
-h, --help show this help message and exit
--download Download and extract plugins, if plugin directory already exists, it will delete it and redownload
--download-dir DOWNLOAD_DIR
The directory to save/audit downloaded plugins (default: current directory)
--audit Audits downloaded plugins sequentially
--config CONFIG Semgrep config/rules to run - https://semgrep.dev/docs/running-rules#running-semgrep-registry-rules-locally (default: p/php)
--create-schema Create the database and schema if this flag is set
--clear-results Clear audit table and then run, useful if run as a cron job and we only care about the latest release
--verbose Print detailed messages
$ python3 wordpress-plugin-audit.py --download --audit --create-schema
Downloading plugins: 100%|███████████████████████████████████| 2/2 [00:49<00:00, 24.65s/it]
Auditing plugins: 10%|█████ | 2/20 [00:05<00:47, 2.62s/it]
您可以通过查询与特定规则相关的输出来关注特定的漏洞类别。
USE SemgrepResults;
SELECT PluginResults.slug,PluginData.active_installs,PluginResults.file_path,PluginResults.start_line,PluginResults.vuln_lines
FROM PluginResults INNER JOIN PluginData ON PluginResults.slug = PluginData.slug
WHERE check_id = "php.lang.security.injection.tainted-sql-string.tainted-sql-string"
ORDER BY active_installs DESC
如果您在审核插件时遇到问题,请确保您可以先在命令行正常运行 semgrep。
