https://github.com/tristanlatr/wpscan_out_parse
Python parser for WPScan output files (JSON and CLI). It analyzes vulnerabilities, miscellaneous alerts and warnings, and other findings.
- Host: GitHub
- URL: https://github.com/tristanlatr/wpscan_out_parse
- Owner: tristanlatr
- License: mit
- Created: 2020-08-12T14:34:46.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2021-07-27T03:24:51.000Z (about 4 years ago)
- Last Synced: 2025-04-08T17:21:40.409Z (6 months ago)
- Topics: alerts, cli, false-positive, findings, format, html, json, output, parser, warnings, wpscan
- Language: Python
- Homepage:
- Size: 4.1 MB
- Stars: 9
- Watchers: 2
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# WPScan Output Parser
**`wpscan_out_parse` is a Python parser for WPScan output files** (JSON and CLI).
It analyzes vulnerabilities, miscellaneous alerts and warnings, and other findings.

### Features
- Support for WPScan JSON and CLI output files
- Display results to stdout in CLI, JSON or HTML output format
- Generate a summary table of your WordPress components with their version and vulnerabilities
- Divide the results into "Alerts", "Warnings" and "Informations"
- Additional alerts depending on the finding type (SQL dump, etc.)
- Signal the result via exit code
- Ignore messages based on false positive strings
- Simple Python library usage
- Colorized output by default

Design of the summary table is largely inspired by [wpscan-analyze](https://github.com/lukaspustina/wpscan-analyze) (Rust code).
### Install
```bash
python3 -m pip install wpscan-out-parse
```

## How to use
### As a CLI tool
Run WPScan
```bash
wpscan --url https://mysite.com --output file.json --format json --api-token YOUR_API_TOKEN
```

Run **`wpscan_out_parse`**
```bash
python3 -m wpscan_out_parse file.json
```
Then process the output and/or the exit code.

#### Exit codes
- 5 -> ALERT: Your WordPress site is vulnerable
- 6 -> WARNING: Your WordPress site is outdated or potentially vulnerable
- 4 -> ERROR: WPScan failed
- 1 -> ERROR: Parser error
- 0 -> All OK

#### Examples
Display results in HTML format
```bash
% python3 -m wpscan_out_parse ./test/output_files/potential_vulns.json --format html > html_output.html
```
### As a Python library
See the [API reference](https://tristanlatr.github.io/wpscan_out_parse/wpscan_out_parse.html).
### Additional alert strings
Some additional warnings and alerts are raised when the following strings are detected in your output file.

Alerts
```python
"SQL Dump found",
"Full Path Disclosure found",
"www.owasp.org/index.php/Full_Path_Disclosure",
"codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script",
"www.exploit-db.com/ghdb/3981/",
"A backup directory has been found",
"github.com/wpscanteam/wpscan/issues/422",
"ThemeMakers migration file found",
"packetstormsecurity.com/files/131957",
"Search Replace DB script found",
"interconnectit.com/products/search-and-replace-for-wordpress-databases/"
```

Warnings
```python
"Upload directory has listing enabled",
"Registration is enabled",
"Debug Log found",
"codex.wordpress.org/Debugging_in_WordPress",
"Fantastico list found",
"www.acunetix.com/vulnerabilities/fantastico-fileslist/"
```

### Full help
```bash
% python3 -m wpscan_out_parse -h
usage: python3 -m wpscan_out_parse [Options]

wpscan_out_parse is a Python parser for WPScan output files (JSON and CLI).
It analyze vulnerabilities, miscellaneous alerts and warnings and other findings.

positional arguments:
  WPScan output file to parse.

optional arguments:
  -h, --help            show this help message and exit
  --format              output format, choices are: "cli", "html", "json"
  --summary             display ony the summary of issues per component.
  --inline              display only one line like: "WPScan result summary:
                        alerts={}, warnings={}, infos={}, error={}".
  --no_warnings         do not display warnings, only summary and alerts.
                        Implies --no_infos.
  --no_infos            do not display informations and findinds.
  --no_summary          do not display the summary of issues.
  --show_all            show all findings details (found by, confidence,
                        confirmed by).
  --false_positive String [String ...]
                        consider all matching messages as infos and add
                        "[False positive]" prefix.
  --no_color            do not colorize output.
  --version             print wpscan_out_parse version and exit.
```
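The following is an added illustration, not code from the wpscan_out_parse project: it shows how the README's additional alert and warning strings, the `--false_positive` downgrade to infos with a "[False positive]" prefix, and the exit codes fit together when classifying a list of finding messages. The function names `classify` and `exit_code` and the sample messages in the usage are constructed for this example.

```python
# Added illustration, not the wpscan_out_parse library's own code: it mirrors the
# behaviour the README describes (extra alert/warning strings, --false_positive
# downgrading matches to infos with a "[False positive]" prefix, exit codes).
# Function names below are constructed for this example.
# Subset of the README's additional alert and warning strings.
ALERT_STRINGS = (
    "SQL Dump found",
    "Full Path Disclosure found",
    "A backup directory has been found",
    "ThemeMakers migration file found",
    "Search Replace DB script found",
)
WARNING_STRINGS = (
    "Upload directory has listing enabled",
    "Registration is enabled",
    "Debug Log found",
    "Fantastico list found",
)
# Exit codes from the README; an alert takes precedence over a warning.
EXIT_ALERT, EXIT_WARNING, EXIT_OK = 5, 6, 0


def classify(findings, false_positives=()):
    """Return (alerts, warnings, infos) for a list of finding messages.

    A message containing a false-positive string is reported as an info
    with the "[False positive]" prefix, even if it matches an alert string.
    """
    alerts, warnings, infos = [], [], []
    for msg in findings:
        if any(fp in msg for fp in false_positives):
            infos.append("[False positive] " + msg)
        elif any(s in msg for s in ALERT_STRINGS):
            alerts.append(msg)
        elif any(s in msg for s in WARNING_STRINGS):
            warnings.append(msg)
        else:
            infos.append(msg)
    return alerts, warnings, infos


def exit_code(alerts, warnings):
    """Map classified results to the README's exit codes."""
    if alerts:
        return EXIT_ALERT
    if warnings:
        return EXIT_WARNING
    return EXIT_OK
```

A message matched by a false-positive string never raises the exit code, so a CI job that passes `--false_positive` for a known-benign finding (a constructed example: `--false_positive backup.sql`) still fails on the remaining real alerts.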