{"id":20033918,"url":"https://github.com/tristanlatr/wpscan_out_parse","last_synced_at":"2025-05-05T05:31:22.405Z","repository":{"id":52516344,"uuid":"287036975","full_name":"tristanlatr/wpscan_out_parse","owner":"tristanlatr","description":"Python parser for WPScan output files (JSON and CLI). It analyze vulnerabilities, miscellaneous alerts and warnings and other findings.","archived":false,"fork":false,"pushed_at":"2021-07-27T03:24:51.000Z","size":4303,"stargazers_count":9,"open_issues_count":2,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-08T17:21:40.409Z","etag":null,"topics":["alerts","cli","false-positive","findings","format","html","json","output","parser","warnings","wpscan"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tristanlatr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-12T14:34:46.000Z","updated_at":"2024-03-02T16:35:18.000Z","dependencies_parsed_at":"2022-09-06T14:40:17.543Z","dependency_job_id":null,"html_url":"https://github.com/tristanlatr/wpscan_out_parse","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tristanlatr%2Fwpscan_out_parse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tristanlatr%2Fwpscan_out_parse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tristanlatr%2Fwpscan_out_parse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tristanlatr%2Fwpscan_out_parse/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tristanlatr","download_url":"https://codeload.github.com/tristanlatr/wpscan_out_parse/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252445981,"owners_count":21749147,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alerts","cli","false-positive","findings","format","html","json","output","parser","warnings","wpscan"],"created_at":"2024-11-13T09:47:58.433Z","updated_at":"2025-05-05T05:31:22.079Z","avatar_url":"https://github.com/tristanlatr.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WPScan Output Parser\n\n**`wpscan_out_parse` is a Python parser for WPScan output files** (JSON and CLI).  \nIt analyzes vulnerabilities, miscellaneous alerts and warnings, and other findings.  
\n\n\u003ca href=\"https://github.com/tristanlatr/wpscan_out_parse/actions\" target=\"_blank\"\u003e\u003cimg src=\"https://github.com/tristanlatr/wpscan_out_parse/workflows/test/badge.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://codecov.io/gh/tristanlatr/wpscan_out_parse\" target=\"_blank\"\u003e\u003cimg src=\"https://codecov.io/gh/tristanlatr/wpscan_out_parse/branch/master/graph/badge.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://pypi.org/project/wpscan-out-parse/\" target=\"_blank\"\u003e\u003cimg src=\"https://badge.fury.io/py/wpscan-out-parse.svg\"\u003e\u003c/a\u003e\n\n### Features\n- Support WPScan JSON and CLI output files\n- Display results to stdout in CLI, JSON or HTML output format\n- Generate a summary table of your WordPress components containing versions and vulnerabilities\n- Divide the results into \"Alerts\", \"Warnings\" and \"Informations\"\n- Additional alerts depending on finding type (SQL dump, etc.)\n- Signal result via exit code\n- Ignore messages based on false positive strings\n- Simple Python library usage\n- Colorized output by default\n\nThe design of the summary table is largely inspired by [wpscan-analyze](https://github.com/lukaspustina/wpscan-analyze) (Rust code).  
\n\n### Install\n```\npython3 -m pip install wpscan-out-parse\n```\n\n## How to use\n\n### As a CLI tool\nRun WPScan\n```bash\nwpscan --url https://mysite.com --output file.json --format json --api-token YOUR_API_TOKEN\n```\n\nRun **`wpscan_out_parse`**  \n```bash\npython3 -m wpscan_out_parse file.json\n```\nThen process the output and/or the exit code.\n\n#### Exit codes\n- 5 -\u003e ALERT: Your WordPress site is vulnerable\n- 6 -\u003e WARNING: Your WordPress site is outdated or potentially vulnerable\n- 4 -\u003e ERROR: WPScan failed\n- 1 -\u003e ERROR: Parser error\n- 0 -\u003e All OK\n\n#### Examples\n\nDisplay results in HTML format\n```bash\n% python3 -m wpscan_out_parse ./test/output_files/potential_vulns.json --format html \u003e html_output.html\n```\n\n![WPWatcher Report](https://github.com/tristanlatr/wpscan_out_parse/raw/master/sample/html_output.png \"HTML Output\")\n\n### As a Python library\n\nSee the [API reference](https://tristanlatr.github.io/wpscan_out_parse/wpscan_out_parse.html). \n\n### Additional alert strings\nSome additional warnings and alerts are raised when the following strings are detected in your output file.  
\n\nAlerts \n```python\n\"SQL Dump found\",\n\"Full Path Disclosure found\",\n\"www.owasp.org/index.php/Full_Path_Disclosure\",\n\"codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script\",\n\"www.exploit-db.com/ghdb/3981/\",\n\"A backup directory has been found\",\n\"github.com/wpscanteam/wpscan/issues/422\",\n\"ThemeMakers migration file found\",\n\"packetstormsecurity.com/files/131957\",\n\"Search Replace DB script found\",\n\"interconnectit.com/products/search-and-replace-for-wordpress-databases/\"\n```\n\nWarnings\n```python\n\"Upload directory has listing enabled\",\n\"Registration is enabled\",\n\"Debug Log found\",\n\"codex.wordpress.org/Debugging_in_WordPress\",\n\"Fantastico list found\",\n\"www.acunetix.com/vulnerabilities/fantastico-fileslist/\"\n```\n\n\n### Full help\n```bash\n% python3 -m wpscan_out_parse -h\nusage: python3 -m wpscan_out_parse [Options] \u003cFile path\u003e\n\nwpscan_out_parse is a Python parser for WPScan output files (JSON and CLI).  
\nIt analyze vulnerabilities, miscellaneous alerts and warnings and other findings.\n\npositional arguments:\n  \u003cFile path\u003e           WPScan output file to parse.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --format \u003cFormat\u003e     output format, choices are: \"cli\", \"html\", \"json\"\n  --summary             display ony the summary of issues per component.\n  --inline              display only one line like: \"WPScan result summary:\n                        alerts={}, warnings={}, infos={}, error={}\".\n  --no_warnings         do not display warnings, only summary and alerts.\n                        Implies --no_infos.\n  --no_infos            do not display informations and findinds.\n  --no_summary          do not display the summary of issues.\n  --show_all            show all findings details (found by, confidence,\n                        confirmed by).\n  --false_positive String [String ...]\n                        consider all matching messages as infos and add\n                        \"[False positive]\" prefix.\n  --no_color            do not colorize output.\n  --version             print wpscan_out_parse version and exit.\n\n  ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftristanlatr%2Fwpscan_out_parse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftristanlatr%2Fwpscan_out_parse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftristanlatr%2Fwpscan_out_parse/lists"}