Created
July 6, 2023 22:03
-
-
Save andyg2/586ec54f5c3efe293cf15ea20f45eea3 to your computer and use it in GitHub Desktop.
Use WordFence's vulnerabilities API to determine if any directories match recently reported slugs (previous 30 days)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./wfscan.sh /home/username/web/domain.com/public_html/wp-content/plugins | |
| # Output (Clean) | |
| # >>> Scanning /home/username/web/domain.com/public_html/wp-content/plugins | |
| # >>> Nothing found. | |
| # Output (Suspect) | |
| # >>> Scanning /home/username/web/domain.com/public_html/wp-content/plugins | |
| # >>> Found | |
| # >>> /home/username/web/domain.com/public_html/wp-content/plugins/js_composer | |
| # Note: Change "30 days ago" if you want to scan for older vulnerabilities | |
| ### Begin ### | |
| # Get the directory path from command-line argument | |
| scan_directroy="$1" | |
| echo "Scanning $scan_directroy" | |
| # Set the API URL | |
| url="https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner" | |
| # File path for the vulnerabilities.scanner.json | |
| json_file="vulnerabilities.scanner.json" | |
| # Check if the file exists and its modified time is older than 24 hours | |
| if [[ ! -f "$json_file" || $(find "$json_file" -mmin +1440 -print) ]]; then | |
| # File is older than 24 hours, fetch a new copy | |
| echo "Fetching $json_file from the API" | |
| curl -s "$url" >"$json_file" | |
| # else | |
| # Use the existing file | |
| # echo "Using existing $json_file" | |
| fi | |
| # Get the current date (30 days ago) as an ISO 8601 date | |
| current_date=$(date -I -d "30 days ago") | |
| # Calculate the cutoff date as the current date minus 30 days | |
| cutoff_date=$(date -d "$current_date" +%Y-%m-%d) | |
| # Filter the JSON data with jq and extract the matching slugs | |
| matching_slugs=($(cat "$json_file" | jq -r --arg cutoff_date "$cutoff_date" '.[] | select(.published >= $cutoff_date) | .software[].slug' | sort -u)) | |
| # Output the list of slugs | |
| # echo "List of Slugs:" | |
| # for slug in "${matching_slugs[@]}"; do | |
| # echo "$slug" | |
| # done | |
| # Search directories for matching slugs | |
| search_directories() { | |
| local slugs=("$@") | |
| local directory=$scan_directroy | |
| local matching_directories=() | |
| for slug in "${slugs[@]}"; do | |
| if [[ -d "$directory/$slug" ]]; then | |
| matching_directories+=("$slug") | |
| fi | |
| done | |
| echo "${matching_directories[@]}" | |
| } | |
| # Call the function to search directories | |
| matching_directories=($(search_directories "${matching_slugs[@]}")) | |
| # Output the matching directories | |
| if [[ ${#matching_directories[@]} -eq 0 ]]; then | |
| echo "Nothing found." | |
| else | |
| echo "Found suspects" | |
| for directory in "${matching_directories[@]}"; do | |
| echo "$scan_directroy/$directory" | |
| done | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment