Wordpress Security Scanner #66

Merged
merged 21 commits into from
Mar 11, 2024

@cyberamt cyberamt commented Jan 8, 2024

This pull request adds the "WP-Scan" module to Artemis. github.com/wpscanteam/wpscan

WP-Scan is an open-source WordPress security scanner designed to identify vulnerabilities and security issues within WordPress installations.

Additionally, you can enhance the module's functionality by adding your official WPScan API key to a WPSCAN_API_KEY variable in the ExtraModulesConfig class. This allows Artemis to also query the official WPScan API.

Please review the changes and let me know if you have any concerns or suggestions for improvement.

@cyberamt
Contributor Author

Hey @kazet, what do you think about this tool for Artemis? Anything I can improve on the code, or do you think it is not that interesting because you got other WordPress tools?

@kazet
Member

kazet commented Feb 21, 2024

Hello,

First, sorry for the significant delay in getting back to you!

In Artemis we already have a module that checks whether WordPress plugins are up-to-date, but this one gives you one more thing - vulnerability information from WPScan, so it would be a good idea to add such a feature.

Because wpscan is not open source (https://github.com/wpscanteam/wpscan/blob/master/LICENSE) I need to check with our legal team how to solve this - I'll get back to you on Friday (February 23).

@kazet
Member

kazet commented Feb 23, 2024

Hello,

Getting back to you! We will be able to merge the wpscan module after adding some kind of a disclaimer that describes the terms to run wpscan, links to the license etc. - we will propose something next week.

Would it be possible for you to add reporting capabilities to this PR, so that issues found by wpscan are added to the reports generated by Artemis?

@cyberamt
Contributor Author

> Would it be possible for you to add reporting capabilities to this PR, so that issues found by wpscan are added to the reports generated by Artemis?

Yes, I will work on that and improve the pull request 👍🏻

@kazet
Member

kazet commented Mar 6, 2024

Hello,

Made some minor improvements, e.g. improved the report grammar, added a license disclaimer and, due to wpscan's non-standard license, made the module disabled by default.

Please make sure the PR is still consistent with your vision and if it still is, let me know - we will merge ;)

Sorry again that it took so long!

@cyberamt
Contributor Author

cyberamt commented Mar 7, 2024

> Please make sure the PR is still consistent with your vision and if it still is, let me know - we will merge ;)

😄 I would love it if you merged the branch.

@kazet kazet merged commit 82c6271 into CERT-Polska:main Mar 11, 2024
2 checks passed
@cyberamt cyberamt deleted the wp-scan branch March 11, 2024 15:32