Added Rporting for WPScan

autoreporter_addons/wpscan/reporter.py

@@ -0,0 +1,80 @@
+from pathlib import Path
+from typing import Any, Callable, Dict, List
+
+from artemis.reporting.base.language import Language
+from artemis.reporting.base.normal_form import (
+    NormalForm,
+    get_domain_normal_form,
+    get_domain_score,
+)
+from artemis.reporting.base.report import Report
+from artemis.reporting.base.report_type import ReportType
+from artemis.reporting.base.reporter import Reporter
+from artemis.reporting.base.templating import ReportEmailTemplateFragment
+from artemis.reporting.utils import get_top_level_target
+
+
+class WPScanReporter(Reporter):  # type: ignore
+    FOUND_VULNERABILITY = ReportType("wpscan.found_vulnerability")
+    FOUND_INTERESTING_URLS = ReportType("wpscan.found_interesting_urls")
+
+    @staticmethod
+    def create_reports(task_result: Dict[str, Any], language: Language) -> List[Report]:
+        if task_result["headers"]["receiver"] != "wpscan":
+            return []
+
+        if not isinstance(task_result["result"], list):
+            return []
+
+        result = []
+        for item in task_result["result"]:
+            if "type" in item and item["type"] == "vulnerabilities":
+                result.append(
+                    Report(
+                        top_level_target=get_top_level_target(task_result),
+                        target=item["domain"],
+                        report_type=WPScanReporter.FOUND_VULNERABILITY,
+                        additional_data={},
+                        timestamp=task_result["created_at"],
+                    )
+                )
+            elif "url" in item:
+                result.append(
+                    Report(
+                        top_level_target=get_top_level_target(task_result),
+                        target=item["domain"],
+                        report_type=WPScanReporter.FOUND_INTERESTING_URLS,
+                        additional_data={},
+                        timestamp=task_result["created_at"],
+                    )
+                )
+        return result
+
+    @staticmethod
+    def get_email_template_fragments() -> List[ReportEmailTemplateFragment]:
+        return [
+            ReportEmailTemplateFragment.from_file(
+                str(Path(__file__).parents[0] / "template_found_vulnerability.jinja2"), priority=7
+            ),
+             ReportEmailTemplateFragment.from_file(
+                str(Path(__file__).parents[0] / "template_found_interesting_url.jinja2"), priority=3
+            ),
+        ]
+
+    @staticmethod
+    def get_scoring_rules() -> Dict[ReportType, Callable[[Report], List[int]]]:
+        """See the docstring in the parent class."""
+        return {report_type: WPScanReporter.scoring_rule for report_type in WPScanReporter.get_report_types()}
+
+    @staticmethod
+    def get_normal_form_rules() -> Dict[ReportType, Callable[[Report], NormalForm]]:
+        """See the docstring in the Reporter class."""
+        return {report_type: WPScanReporter.normal_form_rule for report_type in WPScanReporter.get_report_types()}
+
+    @staticmethod
+    def scoring_rule(report: Report) -> List[int]:
+        return [get_domain_score(report.target)]
+
+    @staticmethod
+    def normal_form_rule(report: Report) -> NormalForm:
+        return Reporter.dict_to_tuple({"type": report.report_type, "target": get_domain_normal_form(report.target)})

autoreporter_addons/wpscan/template_found_interesting_url.jinja2

@@ -0,0 +1,19 @@
+{% if "wpscan.found_interesting_urls" in data.contains_type %}
+    <li>{% trans %}We identified a interesting locations that were accessible in your wordporess application:{% endtrans %}
+        <ul>
+            {% for report in data.reports %}
+                {% if report.report_type == "wpscan.found_interesting_urls" %}
+                    <li>
+                        {{ report.target }}: {{ _(report.additional_data.message_en) }}
+                        {{ report_meta(report) }}
+                    </li>
+                {% endif %}
+            {% endfor %}
+        </ul>
+        <p>
+            {% trans trimmed %}
+                Please verify the configuration and if the locations do not have to be accessible, change your confirmation accordingly.
+            {% endtrans %}
+        </p>
+    </li>
+{% endif %}

autoreporter_addons/wpscan/template_found_vulnerablity.jinja2

@@ -0,0 +1,19 @@
+{% if "wpscan.found_vulnerability" in data.contains_type %}
+    <li>{% trans %}We identified a risk with the used Worpress instance:{% endtrans %}
+        <ul>
+            {% for report in data.reports %}
+                {% if report.report_type == "wpscan.found_vulnerability" %}
+                    <li>
+                        {{ report.target }}: {{ _(report.additional_data.message_en) }}
+                        {{ report_meta(report) }}
+                    </li>
+                {% endif %}
+            {% endfor %}
+        </ul>
+        <p>
+            {% trans trimmed %}
+                Please verify the configuration, and, if your instance is vulnerable take the necessary steps. 
+            {% endtrans %}
+        </p>
+    </li>
+{% endif %}

docker-compose.yml

@@ -52,3 +52,4 @@ services:
       - ./Artemis-modules-extra/autoreporter_addons/ssl_checks/:/opt/artemis/reporting/modules/ssl_checks/
       - ./Artemis-modules-extra/autoreporter_addons/sqlmap/:/opt/artemis/reporting/modules/sqlmap/
       - ./Artemis-modules-extra/autoreporter_addons/dns_reaper/:/opt/artemis/reporting/modules/dns_reaper/
+      - ./Artemis-modules-extra/autoreporter_addons/wpscan/:/opt/artemis/reporting/modules/wpscan/