Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/umutphp/wp-vulnerability-check

A command line took to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.
https://github.com/umutphp/wp-vulnerability-check

continuous-integration hacktoberfest security vulnerability-checker wordpress wordpress-plugin wordpress-security wordpress-security-scanner

Last synced: 29 days ago
JSON representation

A command line took to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.

Awesome Lists containing this project

README 

        
# WordPress Vulnerability Check (wp-vulnerability-check)



[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v1.4%20adopted-ff69b4.svg)](CONTRIBUTING.md) ![WOSPM Checker](https://github.com/umutphp/wp-vulnerability-check/workflows/WOSPM%20Checker/badge.svg) [![Latest Stable Version](https://poser.pugx.org/umutphp/wp-vulnerability-check/v/stable)](https://packagist.org/packages/umutphp/wp-vulnerability-check) [![Total Downloads](https://poser.pugx.org/umutphp/wp-vulnerability-check/downloads)](https://packagist.org/packages/umutphp/wp-vulnerability-check) [![composer.lock](https://poser.pugx.org/umutphp/wp-vulnerability-check/composerlock)](https://packagist.org/packages/umutphp/wp-vulnerability-check) [![Open Source Helpers](https://www.codetriage.com/umutphp/wp-vulnerability-check/badges/users.svg)](https://www.codetriage.com/umutphp/wp-vulnerability-check)



WordPress Vulnerability Check (wp-vulnerability-check) is a console application to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.



If you're using WordPress as part of your application and thrid-party WordPress plugins to implement your bussiness logic, you can run wp-vulnerability-check on a CI pipeline to check the vulnerabilities. You should get a token from [wpscan.com](https://wpscan.com/) in order to have access to the API.



![WordPress Vulnerability Check](./assets/wvc_banner.png "WordPress Vulnerability Check")



---



**Table Of Contents**



- [How To Use](#how-to-use)

  - [Requirements](#requirements)

  - [Installation](#installation)

  - [CLI Options](#cli-options)

- [Issues](#issues)

- [Contributing](#contributing)



---



## How To Use



### Requirements



wp-vulnerability-check requires PHP version 5.6.0 or greater.



### Installation



It can be installed as a stand-alone tool or used as a test step on your CI pipeline.



```bash

composer require umutphp/wp-vulnerability-check



```



### CLI Options



After succesfull installation, you can display the options as follows;



```bash

 ./wp-vulnerability-check --help

---------------------------

WP Vulnerability Check version 0.2.2

---------------------------

Usage: wp-vulnerability-check [options]

Options:

    --config            Full path for the YAML config file. A sample config

                        file is .wvc.yml.sample in root folder. CLI arguments

                        override the values in config file.

    --path              Full path of your WordPress installation.

    --plugins-path      Relative path of the plugin folder. It is optional.

                        Please specify if you don't use default plugin folder.

    --mu-plugins-path   Relative path of the mu plugin folder. It is optional.

                        Please specify if you don't use default mu plugin folder.

    --themes-path       Relative path of the theme folder. It is optional.

                        Please specify if you don't use default theme folder.

    --token             Token got from wpscan.com

    --exclude           Exclude the plugins given in comma separated format.

    --output            The format of output. Valid values JSON, READABLE, HTML,

                        NO (Default).

    --no-colors         Disable the console colors. It is enabled by default.

    --version           Show version.

    --help              Print this help.



```



A sample excution,



```bash

$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable



Checking WordPress version ...



.

------------------------------------------------------------

Vulnerability Details



Checking plugins...



.......



Checked 7 plugins in 2 second, no vulnerability found.



The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader.

PS: You can exclude your custom plugins with --exclude parameter.



Checking theme...



.



Checked 1 theme in 0.2 second, no vulnerability found.



The theme which is not in WPScan Vulnerability Database; simple-days.

PS: You can exclude your custom themes with --exclude parameter.

```



## Issues



Bug reports and feature requests can be submitted on the [Github Issue Tracker](https://github.com/umutphp/wp-vulnerability-check/issues).



## Contributing



See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.



## Code Of Conduct



See [CODE_OF_CONDUCT](CODE_OF_CONDUCT) for more information.