wordpress vuln scanner

wpscan.sh

#!/bin/bash

usage() {
	cat <<EOF
Usage: $0 [options]

Options:
	-h print this usage
	-u url to check
	-p proxy to use
	-t use tor+privoxy
	-a use this agent
	-r use random agent
EOF
}


url=""
proxy=""
agent=""
verbose=false
while getopts "hu:p:ta:rv" OPT
do
	case $OPT in
		h)
			usage
			exit
			;;
		u)
			url="$OPTARG"
			;;
		p)
			proxy="$OPTARG"
			;;
		t)
			proxy="127.0.0.1:8118"
			;;
		a)
			agent="$OPTARG"
			;;
		r)
			echo "Random agent is unimplemented!"
			exit
			;;
		v)
			verbose=true
	esac
done

if [[ -z $url ]]; then
	echo "Dayum gimmie something to hax"
	usage
	exit 1
fi

curl_command="curl -L"

if [[ ! -z $proxy ]]; then
	curl_command="$curl_command --proxy $proxy"
fi

if [[ ! -z $agent ]]; then
	curl_command="$curl_command -A $agent"
fi

if [[ $verbose == true ]]; then
	curl_command="$curl_command -v"
fi

get_path() {
	eval "$curl_command $url$1 2>/dev/null"
}

version=""
index_body=$(get_path '/')

version=$(get_path '/readme.html' | grep "Version" | cut -d ' ' -f 4)

check_wp() {
	local v=$(echo $1 | sed 's/\.//g')
	local res=$(eval "$curl_command https://wpvulndb.com/api/v2/wordpresses/$v 2>/dev/null")
	local release_date=$(echo $res | jq ".[\"$1\"] | .release_date")
	echo "Released in $release_date"
	echo "$res" | 
		jq ".\"$1\".vulnerabilities[] | .title,.references" |
		sed 's/{/References\:/g' |
		sed -r 's/(\[|\])//g' |
		sed 's/}/================================================================/g'

}

check_plugins() {
	echo "TODO"
}

if [[ ! -z "$version" ]]
then
	echo "Found WP version number: $version"
	check_wp "$version"
else
	echo "No version number found"
fi

check_plugins