Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/tristanlatr/wpwatcher

Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.

alerts asynchronous auto automate batch bulk email mass multiple report scan service sites syslog vulnerable warnings wordpress wpscan

Last synced: 1 day ago

README
# WPWatcher - Automating WPScan to scan and report vulnerable WordPress sites


Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog.
Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.

## Features

- Scan **multiple sites** with WPScan
- **Parse WPScan output** and divide the results into *"Alerts"*, *"Warnings"* and *"Informations"*
- **Handle VulnDB API limit**
- Define **reporting email addresses** for every configured site individually and globally
- Define **false positive strings** for every configured site individually and globally
- Define **WPScan arguments** for every configured site individually and globally
- Send WPScan findings to **Syslog** server
- Save raw WPScan output into files
- Log file lists all the findings
- Speed up scans using several asynchronous workers
- **Follow URL redirection** if WPScan fails and offer to ignore the main redirect
- Scan sites continuously at a defined interval and configure the script as a Linux service
- Additional alerts depending on finding type (SQL dump, etc.)
- Keep track of fixed and unfixed issues

## Documentation

[Read The Docs](https://wpwatcher.readthedocs.io/en/latest/).

## Usage example

Scan two sites, add WPScan arguments, follow URL redirection and email the report to recipients. If you reach your API limit, it will wait and continue 24h later.

```bash
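# Placeholders: replace <API_TOKEN> and the example.com addresses with your own values.
wpwatcher --url exemple.com exemple1.com \
--wpscan_args "--force --stealthy --api-token <API_TOKEN>" \
--follow_redirect --api_limit_wait \
--send --infos --email_to admin@example.com security@example.com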
```

WPWatcher must read a configuration file to send mail reports. This example assumes you have filled in your config file with mail server settings.

## Emails

Sample email report.

![WPWatcher Report](https://github.com/tristanlatr/WPWatcher/raw/master/docs/source/_static/wpwatcher-report.png "WPWatcher Report")

## Authors
- Florian Roth (Original author of [WPWatcher v0.2](https://github.com/Neo23x0/WPWatcher))
- Tristan Landes

## Disclaimer

Use at your own risk.