This repository was archived by the owner on Oct 14, 2020. It is now read-only.

Commit 4e5b665

authoredSep 23, 2020
Merge branch 'master' into zap-integration-tests
2 parents 0b228ce + 04e4d27 commit 4e5b665


11 files changed

+292
-12
lines changed


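--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -211,6 +211,17 @@ jobs:
 tag_with_ref: true
 tag_with_sha: true
 build_args: baseImageTag=ci-local
+- uses: docker/build-push-action@v1
+name: "Build & Push wpscan Parser Image"
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+repository: scbexperimental/parser-wpscan
+path: ./scanners/wpscan/parser/
+tag_with_ref: true
+tag_with_sha: true
+build_args: baseImageTag=ci-local
+
 hookImages:
 name: "Build / Hooks"
 runs-on: ubuntu-latest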
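Review bot: The added wpscan parser step passes `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD` to `docker/build-push-action@v1`, which is a movable tag rather than a fixed revision, so whatever code that tag points to at run time receives the registry credentials. Pinning the action to a full commit SHA, e.g. `- uses: docker/build-push-action@<full-commit-sha>  # v1`, closes that gap; the earlier build steps in this job presumably use the same reference and would need the same change. The workflow's triggers are outside this hunk, so it is worth confirming that the push steps cannot run for pull requests from forks. The step is otherwise a copy of the one above it with only `name`, `repository` and `path` changed, which a matrix over the parser names would express once.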

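--- a/scanners/amass/examples/example.com/README.md
+++ b/scanners/amass/examples/example.com/README.md
@@ -2,8 +2,6 @@
 title: "example.com"
 ---
 
-<!-- end -->
-
 > **Page under construction.**
 
-the frontmatter requires the name of the scantarget as 'title'
+the frontmatter requires the name of the scantarget as 'title'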

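--- a/scanners/ncrack/examples/dummy-ssh/README.md
+++ b/scanners/ncrack/examples/dummy-ssh/README.md
@@ -2,11 +2,28 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh
 
 ### Install dummy-ssh
 
-Before executing the scan, make sure to have dummy-ssh installed:
+Before executing the scan, make sure to have dummy-ssh installed, and have the proper username & password lists:
 
 ```bash
-helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
-```
+# Create user & password list files, you can edit them later if you want
+echo "root\nadmin" > users.txt
+echo "THEPASSWORDYOUCREATED\n123456\npassword" > passwords.txt
 
+# Create a Kubernetes secret containing these files
+kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
 
+# Install dummy-ssh app. We'll use ncrack to enumerate its ssh username and password
+helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
 
+# Install the ncrack scanType and set mount the files from the ncrack-lists Kubernetes secret
+cat <<EOF | helm install ncrack ./scanners/ncrack --values -
+scannerJob:
+extraVolumes:
+- name: ncrack-lists
+secret:
+secretName: ncrack-lists
+extraVolumeMounts:
+- name: ncrack-lists
+mountPath: "/ncrack/"
+EOF
+```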

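--- a/scanners/ncrack/examples/dummy-ssh/scan.yaml
+++ b/scanners/ncrack/examples/dummy-ssh/scan.yaml
@@ -5,8 +5,10 @@ metadata:
 spec:
 scanType: "ncrack"
 parameters:
+# Enable verbose logging
 - -v
-- --user=root,admin
-- --pass=THEPASSWORDYOUCREATED,12345
+- -U
+- /ncrack/users.txt
+- -P
+- /ncrack/passwords.txt
 - ssh://dummy-ssh
-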
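Review bot: The new `-U /ncrack/users.txt` and `-P /ncrack/passwords.txt` parameters only resolve when the `ncrack-lists` secret is mounted at `/ncrack/`, and nothing in scan.yaml says so; a comment above `- -U` such as `# Requires the ncrack-lists secret mounted at /ncrack/ (see README.md)` would make that dependency visible. Moving the candidate credentials out of the Scan spec and into a secret is the better pattern and worth keeping. One thing to check in the accompanying README: under bash's builtin `echo`, `echo "root\nadmin" > users.txt` writes a single line containing a literal `\n`, so each list may end up with one entry; `printf 'root\nadmin\n' > users.txt` behaves the same in every shell. The removed inline list used `12345` while the README's passwords.txt uses `123456`, which may or may not be intended.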

‎scanners/ncrack/parser/.gitignore

Lines changed: 0 additions & 2 deletions
This file was deleted.

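--- a/scanners/ncrack/templates/ncrack-scan-type.yaml
+++ b/scanners/ncrack/templates/ncrack-scan-type.yaml
@@ -21,3 +21,8 @@ spec:
 command: ["ncrack", "-oX", "/home/securecodebox/ncrack-results.xml"]
 resources:
 {{- toYaml .Values.scannerJob.resources | nindent 16 }}
+volumeMounts:
+{{- toYaml .Values.scannerJob.extraVolumeMounts | nindent 16 }}
+volumes:
+{{- toYaml .Values.scannerJob.extraVolumes | nindent 12 }}
+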

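--- a/scanners/ncrack/values.yaml
+++ b/scanners/ncrack/values.yaml
@@ -6,3 +6,5 @@ parserImage:
 scannerJob:
 ttlSecondsAfterFinished: null
 resources: {}
+extraVolumes: []
+extraVolumeMounts: []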
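Review bot: `extraVolumes` and `extraVolumeMounts` are added without any comment, although the ncrack-scan-type.yaml template in this commit appears to render both lists verbatim into the scanner job's `volumes` and `volumeMounts`. A short comment above each key would help, for example `# extraVolumes: additional volumes for the scanner job, e.g. a secret holding user/password lists` and `# extraVolumeMounts: where those volumes are mounted in the scanner container; each name must match an entry in extraVolumes`. It is also worth stating there that mounts should set `readOnly: true` unless the scanner has to write to them.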

‎scanners/nmap/parser/.gitignore

Lines changed: 0 additions & 1 deletion
This file was deleted.
Lines changed: 101 additions & 0 deletions
@@ -0,0 +1,101 @@
1+
[
2+
{
3+
"name": "WordPress Service",
4+
"description": "WordPress Service Information",
5+
"category": "WordPress Service",
6+
"location": "http://old-wordpress.demo-apps.svc.cluster.local/",
7+
"osi_layer": "APPLICATION",
8+
"severity": "INFORMATIONAL",
9+
"reference": {},
10+
"confidence": 100,
11+
"attributes": {
12+
"ip_address": "10.99.82.140",
13+
"wpscan_version": "3.8.7",
14+
"wpscan_requests": 4777,
15+
"wp_version": "4.0.31",
16+
"wp_release_date": "2020-06-10",
17+
"wp_release_status": "latest",
18+
"wp_interesting_entries": [
19+
"http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'"
20+
],
21+
"wp_found_by": "Meta Generator (Passive Detection)",
22+
"wp_confirmed_by": {
23+
"Atom Generator (Aggressive Detection)": {
24+
"confidence": 80,
25+
"interesting_entries": [
26+
"http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, <generator uri=\"https://wordpress.org/\" version=\"4.0.31\">WordPress</generator>"
27+
]
28+
}
29+
},
30+
"wp_vulnerabilities": []
31+
},
32+
"id": "35e61c23-d525-4509-a024-d1aef37a1623"
33+
},
34+
{
35+
"name": "WordPress finding 'headers'",
36+
"description": "Headers",
37+
"category": "WordPress headers",
38+
"location": "http://old-wordpress.demo-apps.svc.cluster.local/",
39+
"osi_layer": "APPLICATION",
40+
"severity": "INFORMATIONAL",
41+
"confidence": 100,
42+
"reference": {},
43+
"attributes": {
44+
"wp_interesting_entries": [
45+
"Server: nginx/1.7.7",
46+
"X-Powered-By: PHP/5.4.34-0+deb7u1"
47+
],
48+
"wp_found_by": "Headers (Passive Detection)",
49+
"wp_confirmed_by": {}
50+
},
51+
"id": "ca074030-2e55-4a10-bf8f-039c1b8978d9"
52+
},
53+
{
54+
"name": "WordPress finding 'xmlrpc'",
55+
"description": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
56+
"category": "WordPress xmlrpc",
57+
"location": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
58+
"osi_layer": "APPLICATION",
59+
"severity": "INFORMATIONAL",
60+
"confidence": 100,
61+
"reference": {},
62+
"attributes": {
63+
"wp_interesting_entries": [],
64+
"wp_found_by": "Direct Access (Aggressive Detection)",
65+
"wp_confirmed_by": {}
66+
},
67+
"id": "9b521d88-4018-4069-971d-7a020eebab51"
68+
},
69+
{
70+
"name": "WordPress finding 'readme'",
71+
"description": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
72+
"category": "WordPress readme",
73+
"location": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
74+
"osi_layer": "APPLICATION",
75+
"severity": "INFORMATIONAL",
76+
"confidence": 100,
77+
"reference": {},
78+
"attributes": {
79+
"wp_interesting_entries": [],
80+
"wp_found_by": "Direct Access (Aggressive Detection)",
81+
"wp_confirmed_by": {}
82+
},
83+
"id": "7160e807-b6bb-4994-9477-22cac8e2f549"
84+
},
85+
{
86+
"name": "WordPress finding 'wp_cron'",
87+
"description": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
88+
"category": "WordPress wp_cron",
89+
"location": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
90+
"osi_layer": "APPLICATION",
91+
"severity": "INFORMATIONAL",
92+
"confidence": 60,
93+
"reference": {},
94+
"attributes": {
95+
"wp_interesting_entries": [],
96+
"wp_found_by": "Direct Access (Aggressive Detection)",
97+
"wp_confirmed_by": {}
98+
},
99+
"id": "828bf907-da73-4076-994b-a46652b1f972"
100+
}
101+
]
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
apiVersion: "execution.experimental.securecodebox.io/v1"
2+
kind: Scan
3+
metadata:
4+
name: "wpscan-old-wordpress-internal"
5+
spec:
6+
scanType: "wpscan"
7+
parameters:
8+
- "--url"
9+
- old-wordpress.demo-apps.svc.cluster.local
10+
- "-e"
11+
- "vp"
12+
- "--plugins-detection"
13+
- "mixed"
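Review bot: `-e vp` asks wpscan to enumerate vulnerable plugins, but the raw result file added in this commit reports `No WPVulnDB API Token given, as a result vulnerability data has not been output`, so this example cannot report plugin vulnerabilities as written. A comment above `- "-e"` along the lines of `# vulnerability data requires a WPVulnDB API token; supply it from a Kubernetes secret, not inline in parameters` would explain the empty `vulnerabilities` list in the fixtures. The `--url` value on the following line is the only unquoted parameter; quoting it would match the rest of the list.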
Lines changed: 134 additions & 0 deletions
@@ -0,0 +1,134 @@
1+
{
2+
"banner": {
3+
"description": "WordPress Security Scanner by the WPScan Team",
4+
"version": "3.8.7",
5+
"authors": [
6+
"@_WPScan_",
7+
"@ethicalhack3r",
8+
"@erwan_lr",
9+
"@firefart"
10+
],
11+
"sponsor": "Sponsored by Automattic - https://automattic.com/"
12+
},
13+
"start_time": 1600682567,
14+
"start_memory": 42774528,
15+
"target_url": "http://old-wordpress.demo-apps.svc.cluster.local/",
16+
"target_ip": "10.99.82.140",
17+
"effective_url": "http://old-wordpress.demo-apps.svc.cluster.local/",
18+
"interesting_findings": [
19+
{
20+
"url": "http://old-wordpress.demo-apps.svc.cluster.local/",
21+
"to_s": "Headers",
22+
"type": "headers",
23+
"found_by": "Headers (Passive Detection)",
24+
"confidence": 100,
25+
"confirmed_by": {
26+
27+
},
28+
"references": {
29+
30+
},
31+
"interesting_entries": [
32+
"Server: nginx/1.7.7",
33+
"X-Powered-By: PHP/5.4.34-0+deb7u1"
34+
]
35+
},
36+
{
37+
"url": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
38+
"to_s": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php",
39+
"type": "xmlrpc",
40+
"found_by": "Direct Access (Aggressive Detection)",
41+
"confidence": 100,
42+
"confirmed_by": {
43+
44+
},
45+
"references": {
46+
"url": [
47+
"http://codex.wordpress.org/XML-RPC_Pingback_API"
48+
],
49+
"metasploit": [
50+
"auxiliary/scanner/http/wordpress_ghost_scanner",
51+
"auxiliary/dos/http/wordpress_xmlrpc_dos",
52+
"auxiliary/scanner/http/wordpress_xmlrpc_login",
53+
"auxiliary/scanner/http/wordpress_pingback_access"
54+
]
55+
},
56+
"interesting_entries": [
57+
58+
]
59+
},
60+
{
61+
"url": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
62+
"to_s": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html",
63+
"type": "readme",
64+
"found_by": "Direct Access (Aggressive Detection)",
65+
"confidence": 100,
66+
"confirmed_by": {
67+
68+
},
69+
"references": {
70+
71+
},
72+
"interesting_entries": [
73+
74+
]
75+
},
76+
{
77+
"url": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
78+
"to_s": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php",
79+
"type": "wp_cron",
80+
"found_by": "Direct Access (Aggressive Detection)",
81+
"confidence": 60,
82+
"confirmed_by": {
83+
84+
},
85+
"references": {
86+
"url": [
87+
"https://www.iplocation.net/defend-wordpress-from-ddos",
88+
"https://github.com/wpscanteam/wpscan/issues/1299"
89+
]
90+
},
91+
"interesting_entries": [
92+
93+
]
94+
}
95+
],
96+
"version": {
97+
"number": "4.0.31",
98+
"release_date": "2020-06-10",
99+
"status": "latest",
100+
"found_by": "Meta Generator (Passive Detection)",
101+
"confidence": 100,
102+
"interesting_entries": [
103+
"http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'"
104+
],
105+
"confirmed_by": {
106+
"Atom Generator (Aggressive Detection)": {
107+
"confidence": 80,
108+
"interesting_entries": [
109+
"http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, <generator uri=\"https://wordpress.org/\" version=\"4.0.31\">WordPress</generator>"
110+
]
111+
}
112+
},
113+
"vulnerabilities": [
114+
115+
]
116+
},
117+
"main_theme": null,
118+
"plugins": {
119+
120+
},
121+
"vuln_api": {
122+
"error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"
123+
},
124+
"stop_time": 1600682792,
125+
"elapsed": 225,
126+
"requests_done": 4777,
127+
"cached_requests": 4,
128+
"data_sent": 1459447,
129+
"data_sent_humanised": "1.392 MB",
130+
"data_received": 18563423,
131+
"data_received_humanised": "17.703 MB",
132+
"used_memory": 299765760,
133+
"used_memory_humanised": "285.879 MB"
134+
}
