Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Proof of concept ZAP wrapper for wpscan
/*
* Zed Attack Proxy (ZAP) and its related class files.
*
* ZAP is an HTTP/HTTPS proxy for assessing web application security.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.zaproxy.zap.extension.ascanrules;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Random;
import org.parosproxy.paros.Constant;
import java.util.Map;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.net.URLDecoder;
import org.apache.log4j.Logger;
import org.parosproxy.paros.core.scanner.AbstractAppParamPlugin;
import org.parosproxy.paros.core.scanner.AbstractAppPlugin;
import org.parosproxy.paros.core.scanner.AbstractHostPlugin;
import org.parosproxy.paros.core.scanner.Alert;
import org.parosproxy.paros.core.scanner.Category;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.model.Vulnerabilities;
import org.zaproxy.zap.model.Vulnerability;
import org.apache.commons.httpclient.URI;
import java.io.IOException;
import java.io.OutputStream;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.lang.ProcessBuilder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import difflib.Delta;
import difflib.DiffUtils;
import difflib.Patch;
public class ZapWPSCAN extends AbstractHostPlugin
{
private static Logger log = Logger.getLogger(ZapWPSCAN.class);
@Override
public void init() {
}
@Override
public void scan() {
try {
URI originalURI = this.getBaseMsg().getRequestHeader().getURI();
String target = originalURI.getScheme() + "://" +originalURI.getAuthority();
log.info("Starting wpscan... Target is " + target);
log.info(target);
ProcessBuilder builder = new ProcessBuilder("/usr/bin/wpscan", "--url", "http://wp.vuln/");
builder.redirectErrorStream(true);
Process process = builder.start();
BufferedReader reader = new BufferedReader (new InputStreamReader(process.getInputStream()));
String vulnPatternString = "^\\[31m\\[!\\]\\[0m(?: Title\\:)? (.*)";
Pattern vulnPattern = Pattern.compile(vulnPatternString);
String line;
while ((line = reader.readLine ()) != null) {
Matcher m = vulnPattern.matcher(line);
if (m.find()) {
bingo(Alert.RISK_HIGH, Alert.WARNING, m.group(1), "", null, "d", "", "", "","",getNewMsg());
log.info("Vuln: " + m.group(1));
}
}
} catch (Exception e) {
log.info("Error" + e.getMessage());
}
}
@Override
public int getId() {
return 33003;
}
@Override
public String getName() {
return "Zap - wpscan";
}
@Override
public int getCategory()
{
return Category.INFO_GATHER;
}
@Override
public String[] getDependency()
{
return null;
}
@Override
public String getDescription()
{
return "Word press passive scanner";
}
@Override
public String getSolution()
{
return "Update WordPress.";
}
@Override
public String getReference()
{
return "Failed to load vulnerability reference from file";
}
@Override
public int getRisk() {
return Alert.RISK_HIGH; //Medium or maybe High.. depends on the file.
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment