YooDefender/wpaudit
1
0
Fork 0
mirror of https://github.com/JulesJujuu/wpaudit.git synced 2025-10-04 04:26:46 +08:00
Code Projects Releases Packages Wiki Activity Actions
wpaudit/reporting/report_template.html

257 lines
16 KiB
HTML
Raw Permalink Normal View History

feat: Major enhancements, system rename to WPAUDIT, and core improvements This commit introduces a wide range of significant enhancements, a system-wide rename, and core architectural improvements. **1. System Renaming:** - Renamed the project from "OmegaScythe Dominator/Overlord" and "OSO" to "WPAUDIT" across all relevant files. This includes: - `README.md`: Updated project title, descriptions, and example file names. - `config/default_config.yaml`: Updated comments, `output_dir`, `report_prefix`, `default_user_agent`, and XSS fuzzing payload markers. - Python Modules (`main.py`, `core/utils.py`, `core/tool_runner.py`, `modules/wpscan_auditor.py`, `modules/nuclei_scanner.py`, `modules/exploit_intel/metasploit_handler.py`): Updated internal references, print statements, and default values to reflect "WPAUDIT". **2. Extensive Module Enhancements:** - **wp_analyzer Suite:** - `sqli_checker.py`: Added sophisticated boolean-based and time-based blind SQLi detection capabilities. - `xss_checker.py`: Expanded XSS payloads and added heuristic URL fragment checking for potential DOM XSS vectors. - `admin_area_security.py`: Added checks for alternative admin paths, common admin protection plugin footprints, and .htaccess protection heuristics. - `advanced_user_enum.py`: Implemented oEmbed and more granular REST API user enumeration techniques. - `ajax_checker.py`: Added rudimentary HTML-based AJAX action discovery and a basic parameter fuzzing framework for discovered actions. - `config_audit.py`: Implemented heuristic checks for `WP_DEBUG` exposure, `DISALLOW_FILE_EDIT`, and `FORCE_SSL_ADMIN` status. - `login_page.py`: Added detection for CAPTCHA, 2FA plugin footprints, "Lost Password" & "Register" link analysis, and passive password policy hints. - `comment_security.py`: Added checks for comment author link `rel` attributes (nofollow, ugc, sponsored), comment moderation hints, and `wp-comments-post.php` protection. - `cron_checker.py`: Refined `wp-cron.php` accessibility checks, added `X-Robots-Tag` check, and informational notes on cron-related constants. - `debug_exposure.py`: Added checks for publicly accessible `debug.log` and Query Monitor plugin footprints. - `custom_endpoint_fuzzer.py`: Implemented deeper REST API endpoint discovery (listing routes within custom namespaces), consumption of AJAX actions from `ajax_checker.py`, basic unauthenticated probing, and a lightweight fuzzing capability (XSS, SQLi) for discovered custom endpoints. - `directory_listing.py`: Added recursive checking for `wp-content/uploads` (year/month), dynamic checking of discovered plugin/theme subdirectories, sensitive file type highlighting, and an expanded list of common directories. - `multisite_checker.py`: Improved multisite detection (HTML footprints like body classes, asset paths, `sunrise.php` presence) and deeper `wp-signup.php` analysis for user/site registration hints. - `rest_api.py` (formerly `analyze_rest_api_user_enum`): Renamed and refocused to `analyze_rest_api_general`. Now includes comprehensive listing of all REST API namespaces/routes, analysis of the API root for info disclosure, and unauthenticated checks on core endpoints (users, posts, pages, media, settings). - `security_headers.py`: Implemented detailed Content-Security-Policy (CSP) analysis (unsafe-inline/eval, broad sources, missing directives), deeper Strict-Transport-Security (HSTS) checks (max-age, includeSubDomains, preload), added checks for newer headers (COOP, COEP, CORP), and analysis of headers on `wp-login.php`. - `user_registration.py`: Added checks for CAPTCHA/anti-spam footprints, passive analysis for password strength meter indicators, heuristic checks for email verification requirements, and more detailed analysis of `wp-signup.php` in multisite contexts. - **Other Scanner Modules:** - `sqlmap_injector.py`: Added support for SQLMap tamper scripts via configuration and refined vulnerability detection from logs. - `nmap_scanner.py`: Enabled and refined Nmap XML parsing for better data extraction, added support for NSE script profiles, and included host script results in findings. - `parameter_finder.py`: Corrected `run_scan` logic for Arjun tool execution and standardized options handling. - **Exploit Intelligence (`exploit_intel/`):** - `query_builder.py`: Now leverages Nmap service information and more granular Nuclei data (tags, classification) to generate richer and more targeted exploit search queries. - `gatherer.py`: Handles structured query objects, includes basic query prioritization (CVEs first), stores results in a new `found_exploits_correlated` structure, and incorporates a confidence score for SearchSploit results based on query relevance. - `searchsploit_handler.py`: Improved JSON parsing from SearchSploit output, added extraction of "Date" and "Author" fields, and included placeholders for future exploit mirroring functionality. **3. Core Function Improvements:** - **Reporting (`reporting/generator.py` & `report_template.html`):** - Implemented HTML report generation using Jinja2. - Created `reporting/report_template.html` for structured and user-friendly HTML reports. - Updated `main.py` to call the HTML report generation function. - **State Management (`core/state.py`):** - Integrated `orjson` for potentially faster JSON serialization/deserialization. - Implemented a backup mechanism (`.bak` file) before overwriting the state file during `save_state`. - Updated internal default paths/prefixes to align with the "WPAUDIT" renaming. - **Tool Checking (`core/tool_checker.py`):** - Implemented tool version checking against configurable minimum versions using the `packaging` library. - Added more specific regex patterns for version parsing for various tools. - Updated status reporting for tool checks to be more granular (e.g., "Found (Version OK)", "Found (Version Too Low)"). - **Tool Runner (`core/tool_runner.py`):** - Improved error message for `subprocess.CalledProcessError` to include a snippet of `stderr` for better diagnostics. **4. Configuration & Documentation:** - Updated `README.md` with the new "WPAUDIT" name, revised descriptions, and updated example file names. - Updated `config/default_config.yaml` with the "WPAUDIT" name, new report/output directory defaults, and new configuration options related to module enhancements (e.g., `exploit_intel_mirror_searchsploit_exploits`). - Implicitly added `Jinja2`, `orjson`, and `packaging` to `requirements.txt` dependencies. This comprehensive suite of changes significantly advances WPAUDIT's capabilities, making it a more robust, intelligent, and user-friendly WordPress security auditing tool.
2025-05-20 00:51:10 +05:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>WPAUDIT Scan Report: {{ target_info.url }}</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; background-color: #f4f4f4; color: #333; }
.container { background-color: #fff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
h1, h2, h3 { color: #333; }
h1 { border-bottom: 2px solid #ddd; padding-bottom: 10px; }
h2 { border-bottom: 1px solid #eee; padding-bottom: 5px; margin-top: 30px; }
table { width: 100%; border-collapse: collapse; margin-top: 15px; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
th { background-color: #f0f0f0; }
.severity-critical { color: red; font-weight: bold; }
.severity-high { color: orange; font-weight: bold; }
.severity-medium { color: #b08000; } /* Dark Yellow */
.severity-low { color: #337ab7; } /* Blueish */
.severity-info { color: #5cb85c; } /* Greenish */
.code { background-color: #eef; padding: 2px 5px; border-radius: 3px; font-family: monospace; }
.finding-block { margin-bottom: 15px; padding: 10px; border: 1px solid #eee; border-radius: 4px; }
.finding-title { font-weight: bold; }
.remediation { margin-top: 5px; padding: 8px; background-color: #f9f9f9; border-left: 3px solid #5cb85c;}
.collapsible { background-color: #777; color: white; cursor: pointer; padding: 10px; width: 100%; border: none; text-align: left; outline: none; font-size: 16px; margin-top:10px; border-radius: 4px;}
.active, .collapsible:hover { background-color: #555; }
.content { padding: 0 18px; max-height: 0; overflow: hidden; transition: max-height 0.2s ease-out; background-color: #f9f9f9; border: 1px solid #ddd; border-top:none;}
.module-findings { margin-top: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>WPAUDIT Security Scan Report</h1>
<h2>Scan Overview</h2>
<p><strong>Target URL:</strong> {{ target_info.url }}</p>
<p><strong>Target IP:</strong> {{ target_info.ip | default('N/A') }}</p>
<p><strong>Scan Profile:</strong> {{ scan_config_used.profile_name | default('N/A') }}</p>
<p><strong>Scan Started:</strong> {{ scan_metadata.start_time | default('N/A') }}</p>
<p><strong>Scan Ended:</strong> {{ scan_metadata.end_time | default('N/A') }}</p>
<h2>Executive Summary</h2>
<p>This report outlines the findings from the WPAUDIT security scan. Review all findings, especially those marked Critical or High severity.</p>
{% if critical_alerts %}
<h3>Critical Alerts Summary</h3>
<ul>
{% for alert_msg, count in critical_alerts_summary.items() %}
<li>{{ alert_msg }}: {{ count }} instance(s)</li>
{% endfor %}
</ul>
{% else %}
<p>No critical alerts were automatically flagged during this scan. Manual review of all findings is essential.</p>
{% endif %}
<h2>Prioritized Remediation (Top 5)</h2>
{% if sorted_remediations %}
<ol>
{% for finding_id, details in sorted_remediations[:5] %}
<li>
<span class="severity-{{ details.severity | lower }}">{{ details.severity | upper }}</span> -
<strong>{{ details.source | default('Unknown Source') }}:</strong>
{{ details.description | truncate(150) }}
<div class="remediation"><strong>Remediation:</strong> {{ details.remediation }}</div>
</li>
{% endfor %}
</ol>
{% if sorted_remediations | length > 5 %}<p><em>... and {{ (sorted_remediations | length) - 5 }} more. See full details below or in the JSON report.</em></p>{% endif %}
{% else %}
<p>No specific high-priority remediation actions were automatically generated. Manual review of all findings is essential.</p>
{% endif %}
<h2>Detailed Findings by Module</h2>
{% for module_name, module_data in findings.items() %}
{% if module_data and module_data.status and module_data.status != "Not Run" and module_data.status != "Skipped (No Queries)" and module_data.status != "Disabled in Config" %}
<button type="button" class="collapsible">{{ module_name | replace("_", " ") | title }} (Status: {{ module_data.status }})</button>
<div class="content">
<div class="module-findings">
{% if module_name == "wpscan_results" and module_data.targets %}
{% for target_url, target_scan_data in module_data.targets.items() %}
<h3>WPScan: {{ target_url }}</h3>
{% if target_scan_data.data %}
<p><strong>Version:</strong> {{ target_scan_data.data.version.number | default('N/A') }} (Status: {{ target_scan_data.data.version.status | default('N/A') }})</p>
{% if target_scan_data.data.version.vulnerabilities %}
<h4>Core Vulnerabilities:</h4>
<ul>
{% for vuln in target_scan_data.data.version.vulnerabilities %}
<li><strong>{{ vuln.title }}</strong>
<ul>{% for ref_type, refs in vuln.references.items() %}<li>{{ ref_type | upper }}: {% for r in refs %}<a href="{{ r }}" target="_blank">{{ r }}</a> {% endfor %}</li>{% endfor %}</ul>
</li>
{% endfor %}
</ul>
{% endif %}
Basic Bug Fixed and little bit enhancement
2025-05-20 01:39:20 +05:00
{% if target_scan_data.data.main_theme and target_scan_data.data.main_theme.vulnerabilities %}
<h4>Main Theme Vulnerabilities ({{ target_scan_data.data.main_theme.slug | default('Unknown Theme') }}):</h4>
<ul>
{% for vuln in target_scan_data.data.main_theme.vulnerabilities %}
<li><strong>{{ vuln.title }}</strong>
<ul>{% for ref_type, refs in vuln.references.items() %}<li>{{ ref_type | upper }}: {% for r in refs %}<a href="{{ r }}" target="_blank">{{ r }}</a> {% endfor %}</li>{% endfor %}</ul>
</li>
{% endfor %}
</ul>
{% endif %}
{% if target_scan_data.data.plugins %}
<h4>Plugin Vulnerabilities:</h4>
{% for plugin_slug, plugin_data in target_scan_data.data.plugins.items() %}
{% if plugin_data.vulnerabilities %}
<h5>Plugin: {{ plugin_slug }} (Version: {{ plugin_data.version.number | default('N/A') }})</h5>
<ul>
{% for vuln in plugin_data.vulnerabilities %}
<li><strong>{{ vuln.title }}</strong>
<ul>{% for ref_type, refs in vuln.references.items() %}<li>{{ ref_type | upper }}: {% for r in refs %}<a href="{{ r }}" target="_blank">{{ r }}</a> {% endfor %}</li>{% endfor %}</ul>
</li>
{% endfor %}
</ul>
{% endif %}
{% endfor %}
{% endif %}
feat: Major enhancements, system rename to WPAUDIT, and core improvements This commit introduces a wide range of significant enhancements, a system-wide rename, and core architectural improvements. **1. System Renaming:** - Renamed the project from "OmegaScythe Dominator/Overlord" and "OSO" to "WPAUDIT" across all relevant files. This includes: - `README.md`: Updated project title, descriptions, and example file names. - `config/default_config.yaml`: Updated comments, `output_dir`, `report_prefix`, `default_user_agent`, and XSS fuzzing payload markers. - Python Modules (`main.py`, `core/utils.py`, `core/tool_runner.py`, `modules/wpscan_auditor.py`, `modules/nuclei_scanner.py`, `modules/exploit_intel/metasploit_handler.py`): Updated internal references, print statements, and default values to reflect "WPAUDIT". **2. Extensive Module Enhancements:** - **wp_analyzer Suite:** - `sqli_checker.py`: Added sophisticated boolean-based and time-based blind SQLi detection capabilities. - `xss_checker.py`: Expanded XSS payloads and added heuristic URL fragment checking for potential DOM XSS vectors. - `admin_area_security.py`: Added checks for alternative admin paths, common admin protection plugin footprints, and .htaccess protection heuristics. - `advanced_user_enum.py`: Implemented oEmbed and more granular REST API user enumeration techniques. - `ajax_checker.py`: Added rudimentary HTML-based AJAX action discovery and a basic parameter fuzzing framework for discovered actions. - `config_audit.py`: Implemented heuristic checks for `WP_DEBUG` exposure, `DISALLOW_FILE_EDIT`, and `FORCE_SSL_ADMIN` status. - `login_page.py`: Added detection for CAPTCHA, 2FA plugin footprints, "Lost Password" & "Register" link analysis, and passive password policy hints. - `comment_security.py`: Added checks for comment author link `rel` attributes (nofollow, ugc, sponsored), comment moderation hints, and `wp-comments-post.php` protection. - `cron_checker.py`: Refined `wp-cron.php` accessibility checks, added `X-Robots-Tag` check, and informational notes on cron-related constants. - `debug_exposure.py`: Added checks for publicly accessible `debug.log` and Query Monitor plugin footprints. - `custom_endpoint_fuzzer.py`: Implemented deeper REST API endpoint discovery (listing routes within custom namespaces), consumption of AJAX actions from `ajax_checker.py`, basic unauthenticated probing, and a lightweight fuzzing capability (XSS, SQLi) for discovered custom endpoints. - `directory_listing.py`: Added recursive checking for `wp-content/uploads` (year/month), dynamic checking of discovered plugin/theme subdirectories, sensitive file type highlighting, and an expanded list of common directories. - `multisite_checker.py`: Improved multisite detection (HTML footprints like body classes, asset paths, `sunrise.php` presence) and deeper `wp-signup.php` analysis for user/site registration hints. - `rest_api.py` (formerly `analyze_rest_api_user_enum`): Renamed and refocused to `analyze_rest_api_general`. Now includes comprehensive listing of all REST API namespaces/routes, analysis of the API root for info disclosure, and unauthenticated checks on core endpoints (users, posts, pages, media, settings). - `security_headers.py`: Implemented detailed Content-Security-Policy (CSP) analysis (unsafe-inline/eval, broad sources, missing directives), deeper Strict-Transport-Security (HSTS) checks (max-age, includeSubDomains, preload), added checks for newer headers (COOP, COEP, CORP), and analysis of headers on `wp-login.php`. - `user_registration.py`: Added checks for CAPTCHA/anti-spam footprints, passive analysis for password strength meter indicators, heuristic checks for email verification requirements, and more detailed analysis of `wp-signup.php` in multisite contexts. - **Other Scanner Modules:** - `sqlmap_injector.py`: Added support for SQLMap tamper scripts via configuration and refined vulnerability detection from logs. - `nmap_scanner.py`: Enabled and refined Nmap XML parsing for better data extraction, added support for NSE script profiles, and included host script results in findings. - `parameter_finder.py`: Corrected `run_scan` logic for Arjun tool execution and standardized options handling. - **Exploit Intelligence (`exploit_intel/`):** - `query_builder.py`: Now leverages Nmap service information and more granular Nuclei data (tags, classification) to generate richer and more targeted exploit search queries. - `gatherer.py`: Handles structured query objects, includes basic query prioritization (CVEs first), stores results in a new `found_exploits_correlated` structure, and incorporates a confidence score for SearchSploit results based on query relevance. - `searchsploit_handler.py`: Improved JSON parsing from SearchSploit output, added extraction of "Date" and "Author" fields, and included placeholders for future exploit mirroring functionality. **3. Core Function Improvements:** - **Reporting (`reporting/generator.py` & `report_template.html`):** - Implemented HTML report generation using Jinja2. - Created `reporting/report_template.html` for structured and user-friendly HTML reports. - Updated `main.py` to call the HTML report generation function. - **State Management (`core/state.py`):** - Integrated `orjson` for potentially faster JSON serialization/deserialization. - Implemented a backup mechanism (`.bak` file) before overwriting the state file during `save_state`. - Updated internal default paths/prefixes to align with the "WPAUDIT" renaming. - **Tool Checking (`core/tool_checker.py`):** - Implemented tool version checking against configurable minimum versions using the `packaging` library. - Added more specific regex patterns for version parsing for various tools. - Updated status reporting for tool checks to be more granular (e.g., "Found (Version OK)", "Found (Version Too Low)"). - **Tool Runner (`core/tool_runner.py`):** - Improved error message for `subprocess.CalledProcessError` to include a snippet of `stderr` for better diagnostics. **4. Configuration & Documentation:** - Updated `README.md` with the new "WPAUDIT" name, revised descriptions, and updated example file names. - Updated `config/default_config.yaml` with the "WPAUDIT" name, new report/output directory defaults, and new configuration options related to module enhancements (e.g., `exploit_intel_mirror_searchsploit_exploits`). - Implicitly added `Jinja2`, `orjson`, and `packaging` to `requirements.txt` dependencies. This comprehensive suite of changes significantly advances WPAUDIT's capabilities, making it a more robust, intelligent, and user-friendly WordPress security auditing tool.
2025-05-20 00:51:10 +05:00
{% elif target_scan_data.error %}
<p>Error: {{ target_scan_data.error }}</p>
{% endif %}
{% endfor %}
{% elif module_name == "nuclei_results" and module_data.findings %}
<p>Found {{ module_data.findings | length }} potential issues.</p>
{% for finding in module_data.findings %}
<div class="finding-block">
<p class="finding-title"><span class="severity-{{ finding.info.severity | lower }}">{{ finding.info.severity | upper }}</span>: {{ finding.info.name }}</p>
<p><strong>Description:</strong> {{ finding.info.description | default('N/A') }}</p>
<p><strong>Matched At:</strong> <code class="code">{{ finding.get('matched-at', 'N/A') }}</code></p>
<p><strong>Template ID:</strong> {{ finding.get('template-id') }}</p>
{% if finding.info.tags %}<p><strong>Tags:</strong> {{ finding.info.tags | join(', ') }}</p>{% endif %}
{% if finding.info.reference %}<p><strong>References:</strong> {% for ref in finding.info.reference %}<a href="{{ ref }}" target="_blank">{{ ref }}</a> {% endfor %}</p>{% endif %}
{% if finding.info.remediation %}<div class="remediation"><strong>Remediation:</strong> {{ finding.info.remediation }}</div>{% endif %}
</div>
{% endfor %}
{% elif module_name == "exploit_intelligence" and module_data.found_exploits_correlated %}
{% for component_key, exploit_info in module_data.found_exploits_correlated.items() %}
{% if exploit_info.searchsploit or exploit_info.metasploit %}
<h4>Exploits for: {{ component_key }}</h4>
{% if exploit_info.associated_cves %}<p>Associated CVEs: {{ exploit_info.associated_cves | join(', ') }}</p>{% endif %}
{% if exploit_info.searchsploit %}
<h5>SearchSploit:</h5>
<ul>
{% for ss_exploit in exploit_info.searchsploit %}
<li>{{ ss_exploit.title }} (EDB-ID: {{ ss_exploit['EDB-ID'] }}) - Path: <code class="code">{{ ss_exploit.path }}</code> - Confidence: {{ ss_exploit.confidence | default('N/A') }}</li>
{% endfor %}
</ul>
{% endif %}
{% if exploit_info.metasploit %}
<h5>Metasploit:</h5>
<ul>
{% for msf_exploit in exploit_info.metasploit %}
<li>{{ msf_exploit.description }} (Path: <code class="code">{{ msf_exploit.path }}</code> - Rank: {{ msf_exploit.rank }})</li>
{% endfor %}
</ul>
{% endif %}
{% endif %}
{% endfor %}
Basic Bug Fixed and little bit enhancement
2025-05-20 01:39:20 +05:00
{% elif module_name == "nmap_results" and module_data.open_ports %}
<h4>Nmap Scan Results</h4>
{% if module_data.os_detection and module_data.os_detection.name %}
<p><strong>OS Detection:</strong> {{ module_data.os_detection.name }} (Accuracy: {{ module_data.os_detection.accuracy }}%)</p>
{% endif %}
<h5>Open Ports:</h5>
<table>
<thead><tr><th>Port</th><th>Protocol</th><th>State</th><th>Service</th><th>Product</th><th>Version</th><th>Extra Info</th></tr></thead>
<tbody>
{% for port in module_data.open_ports %}
<tr>
<td>{{ port.portid }}</td>
<td>{{ port.protocol }}</td>
<td>{{ port.state }}</td>
<td>{{ port.service_name }}</td>
<td>{{ port.product }}</td>
<td>{{ port.version }}</td>
<td>{{ port.extrainfo }}</td>
</tr>
{% if port.scripts %}
<tr><td colspan="7">
<strong>Scripts:</strong>
<ul>
{% for script in port.scripts %}
<li><code class="code">{{ script.id }}</code>: {{ script.output | truncate(200) }}</li>
{% endfor %}
</ul>
</td></tr>
{% endif %}
{% endfor %}
</tbody>
</table>
{% if module_data.host_scripts %}
<h5>Host Scripts:</h5>
<ul>
{% for script in module_data.host_scripts %}
<li><code class="code">{{ script.id }}</code>: {{ script.output | truncate(300) }}</li>
{% endfor %}
</ul>
{% endif %}
feat: Major enhancements, system rename to WPAUDIT, and core improvements This commit introduces a wide range of significant enhancements, a system-wide rename, and core architectural improvements. **1. System Renaming:** - Renamed the project from "OmegaScythe Dominator/Overlord" and "OSO" to "WPAUDIT" across all relevant files. This includes: - `README.md`: Updated project title, descriptions, and example file names. - `config/default_config.yaml`: Updated comments, `output_dir`, `report_prefix`, `default_user_agent`, and XSS fuzzing payload markers. - Python Modules (`main.py`, `core/utils.py`, `core/tool_runner.py`, `modules/wpscan_auditor.py`, `modules/nuclei_scanner.py`, `modules/exploit_intel/metasploit_handler.py`): Updated internal references, print statements, and default values to reflect "WPAUDIT". **2. Extensive Module Enhancements:** - **wp_analyzer Suite:** - `sqli_checker.py`: Added sophisticated boolean-based and time-based blind SQLi detection capabilities. - `xss_checker.py`: Expanded XSS payloads and added heuristic URL fragment checking for potential DOM XSS vectors. - `admin_area_security.py`: Added checks for alternative admin paths, common admin protection plugin footprints, and .htaccess protection heuristics. - `advanced_user_enum.py`: Implemented oEmbed and more granular REST API user enumeration techniques. - `ajax_checker.py`: Added rudimentary HTML-based AJAX action discovery and a basic parameter fuzzing framework for discovered actions. - `config_audit.py`: Implemented heuristic checks for `WP_DEBUG` exposure, `DISALLOW_FILE_EDIT`, and `FORCE_SSL_ADMIN` status. - `login_page.py`: Added detection for CAPTCHA, 2FA plugin footprints, "Lost Password" & "Register" link analysis, and passive password policy hints. - `comment_security.py`: Added checks for comment author link `rel` attributes (nofollow, ugc, sponsored), comment moderation hints, and `wp-comments-post.php` protection. - `cron_checker.py`: Refined `wp-cron.php` accessibility checks, added `X-Robots-Tag` check, and informational notes on cron-related constants. - `debug_exposure.py`: Added checks for publicly accessible `debug.log` and Query Monitor plugin footprints. - `custom_endpoint_fuzzer.py`: Implemented deeper REST API endpoint discovery (listing routes within custom namespaces), consumption of AJAX actions from `ajax_checker.py`, basic unauthenticated probing, and a lightweight fuzzing capability (XSS, SQLi) for discovered custom endpoints. - `directory_listing.py`: Added recursive checking for `wp-content/uploads` (year/month), dynamic checking of discovered plugin/theme subdirectories, sensitive file type highlighting, and an expanded list of common directories. - `multisite_checker.py`: Improved multisite detection (HTML footprints like body classes, asset paths, `sunrise.php` presence) and deeper `wp-signup.php` analysis for user/site registration hints. - `rest_api.py` (formerly `analyze_rest_api_user_enum`): Renamed and refocused to `analyze_rest_api_general`. Now includes comprehensive listing of all REST API namespaces/routes, analysis of the API root for info disclosure, and unauthenticated checks on core endpoints (users, posts, pages, media, settings). - `security_headers.py`: Implemented detailed Content-Security-Policy (CSP) analysis (unsafe-inline/eval, broad sources, missing directives), deeper Strict-Transport-Security (HSTS) checks (max-age, includeSubDomains, preload), added checks for newer headers (COOP, COEP, CORP), and analysis of headers on `wp-login.php`. - `user_registration.py`: Added checks for CAPTCHA/anti-spam footprints, passive analysis for password strength meter indicators, heuristic checks for email verification requirements, and more detailed analysis of `wp-signup.php` in multisite contexts. - **Other Scanner Modules:** - `sqlmap_injector.py`: Added support for SQLMap tamper scripts via configuration and refined vulnerability detection from logs. - `nmap_scanner.py`: Enabled and refined Nmap XML parsing for better data extraction, added support for NSE script profiles, and included host script results in findings. - `parameter_finder.py`: Corrected `run_scan` logic for Arjun tool execution and standardized options handling. - **Exploit Intelligence (`exploit_intel/`):** - `query_builder.py`: Now leverages Nmap service information and more granular Nuclei data (tags, classification) to generate richer and more targeted exploit search queries. - `gatherer.py`: Handles structured query objects, includes basic query prioritization (CVEs first), stores results in a new `found_exploits_correlated` structure, and incorporates a confidence score for SearchSploit results based on query relevance. - `searchsploit_handler.py`: Improved JSON parsing from SearchSploit output, added extraction of "Date" and "Author" fields, and included placeholders for future exploit mirroring functionality. **3. Core Function Improvements:** - **Reporting (`reporting/generator.py` & `report_template.html`):** - Implemented HTML report generation using Jinja2. - Created `reporting/report_template.html` for structured and user-friendly HTML reports. - Updated `main.py` to call the HTML report generation function. - **State Management (`core/state.py`):** - Integrated `orjson` for potentially faster JSON serialization/deserialization. - Implemented a backup mechanism (`.bak` file) before overwriting the state file during `save_state`. - Updated internal default paths/prefixes to align with the "WPAUDIT" renaming. - **Tool Checking (`core/tool_checker.py`):** - Implemented tool version checking against configurable minimum versions using the `packaging` library. - Added more specific regex patterns for version parsing for various tools. - Updated status reporting for tool checks to be more granular (e.g., "Found (Version OK)", "Found (Version Too Low)"). - **Tool Runner (`core/tool_runner.py`):** - Improved error message for `subprocess.CalledProcessError` to include a snippet of `stderr` for better diagnostics. **4. Configuration & Documentation:** - Updated `README.md` with the new "WPAUDIT" name, revised descriptions, and updated example file names. - Updated `config/default_config.yaml` with the "WPAUDIT" name, new report/output directory defaults, and new configuration options related to module enhancements (e.g., `exploit_intel_mirror_searchsploit_exploits`). - Implicitly added `Jinja2`, `orjson`, and `packaging` to `requirements.txt` dependencies. This comprehensive suite of changes significantly advances WPAUDIT's capabilities, making it a more robust, intelligent, and user-friendly WordPress security auditing tool.
2025-05-20 00:51:10 +05:00
{% elif module_data is mapping %}
<pre>{{ module_data | tojson(indent=2) }}</pre>
{% else %}
<p>{{ module_data }}</p>
{% endif %}
</div>
</div>
{% endif %}
{% endfor %}
<h2>All Remediation Suggestions</h2>
<table>
<thead>
<tr><th>ID</th><th>Severity</th><th>Source</th><th>Description</th><th>Remediation</th></tr>
</thead>
<tbody>
{% for finding_id, details in sorted_remediations %}
<tr>
<td>{{ finding_id }}</td>
<td class="severity-{{ details.severity | lower }}">{{ details.severity | upper }}</td>
<td>{{ details.source | default('N/A') }}</td>
<td>{{ details.description }}</td>
<td>{{ details.remediation }}</td>
</tr>
{% else %}
<tr><td colspan="5">No specific remediation suggestions generated.</td></tr>
{% endfor %}
</tbody>
</table>
Basic Bug Fixed and little bit enhancement
2025-05-20 01:39:20 +05:00
{% if tool_errors %}
<h2>Tool Execution Errors</h2>
<div class="finding-block">
<p>The following errors were reported during tool execution:</p>
<ul>
{% for error in tool_errors %}
<li><code class="code">{{ error }}</code></li>
{% endfor %}
</ul>
</div>
{% endif %}
feat: Major enhancements, system rename to WPAUDIT, and core improvements This commit introduces a wide range of significant enhancements, a system-wide rename, and core architectural improvements. **1. System Renaming:** - Renamed the project from "OmegaScythe Dominator/Overlord" and "OSO" to "WPAUDIT" across all relevant files. This includes: - `README.md`: Updated project title, descriptions, and example file names. - `config/default_config.yaml`: Updated comments, `output_dir`, `report_prefix`, `default_user_agent`, and XSS fuzzing payload markers. - Python Modules (`main.py`, `core/utils.py`, `core/tool_runner.py`, `modules/wpscan_auditor.py`, `modules/nuclei_scanner.py`, `modules/exploit_intel/metasploit_handler.py`): Updated internal references, print statements, and default values to reflect "WPAUDIT". **2. Extensive Module Enhancements:** - **wp_analyzer Suite:** - `sqli_checker.py`: Added sophisticated boolean-based and time-based blind SQLi detection capabilities. - `xss_checker.py`: Expanded XSS payloads and added heuristic URL fragment checking for potential DOM XSS vectors. - `admin_area_security.py`: Added checks for alternative admin paths, common admin protection plugin footprints, and .htaccess protection heuristics. - `advanced_user_enum.py`: Implemented oEmbed and more granular REST API user enumeration techniques. - `ajax_checker.py`: Added rudimentary HTML-based AJAX action discovery and a basic parameter fuzzing framework for discovered actions. - `config_audit.py`: Implemented heuristic checks for `WP_DEBUG` exposure, `DISALLOW_FILE_EDIT`, and `FORCE_SSL_ADMIN` status. - `login_page.py`: Added detection for CAPTCHA, 2FA plugin footprints, "Lost Password" & "Register" link analysis, and passive password policy hints. - `comment_security.py`: Added checks for comment author link `rel` attributes (nofollow, ugc, sponsored), comment moderation hints, and `wp-comments-post.php` protection. - `cron_checker.py`: Refined `wp-cron.php` accessibility checks, added `X-Robots-Tag` check, and informational notes on cron-related constants. - `debug_exposure.py`: Added checks for publicly accessible `debug.log` and Query Monitor plugin footprints. - `custom_endpoint_fuzzer.py`: Implemented deeper REST API endpoint discovery (listing routes within custom namespaces), consumption of AJAX actions from `ajax_checker.py`, basic unauthenticated probing, and a lightweight fuzzing capability (XSS, SQLi) for discovered custom endpoints. - `directory_listing.py`: Added recursive checking for `wp-content/uploads` (year/month), dynamic checking of discovered plugin/theme subdirectories, sensitive file type highlighting, and an expanded list of common directories. - `multisite_checker.py`: Improved multisite detection (HTML footprints like body classes, asset paths, `sunrise.php` presence) and deeper `wp-signup.php` analysis for user/site registration hints. - `rest_api.py` (formerly `analyze_rest_api_user_enum`): Renamed and refocused to `analyze_rest_api_general`. Now includes comprehensive listing of all REST API namespaces/routes, analysis of the API root for info disclosure, and unauthenticated checks on core endpoints (users, posts, pages, media, settings). - `security_headers.py`: Implemented detailed Content-Security-Policy (CSP) analysis (unsafe-inline/eval, broad sources, missing directives), deeper Strict-Transport-Security (HSTS) checks (max-age, includeSubDomains, preload), added checks for newer headers (COOP, COEP, CORP), and analysis of headers on `wp-login.php`. - `user_registration.py`: Added checks for CAPTCHA/anti-spam footprints, passive analysis for password strength meter indicators, heuristic checks for email verification requirements, and more detailed analysis of `wp-signup.php` in multisite contexts. - **Other Scanner Modules:** - `sqlmap_injector.py`: Added support for SQLMap tamper scripts via configuration and refined vulnerability detection from logs. - `nmap_scanner.py`: Enabled and refined Nmap XML parsing for better data extraction, added support for NSE script profiles, and included host script results in findings. - `parameter_finder.py`: Corrected `run_scan` logic for Arjun tool execution and standardized options handling. - **Exploit Intelligence (`exploit_intel/`):** - `query_builder.py`: Now leverages Nmap service information and more granular Nuclei data (tags, classification) to generate richer and more targeted exploit search queries. - `gatherer.py`: Handles structured query objects, includes basic query prioritization (CVEs first), stores results in a new `found_exploits_correlated` structure, and incorporates a confidence score for SearchSploit results based on query relevance. - `searchsploit_handler.py`: Improved JSON parsing from SearchSploit output, added extraction of "Date" and "Author" fields, and included placeholders for future exploit mirroring functionality. **3. Core Function Improvements:** - **Reporting (`reporting/generator.py` & `report_template.html`):** - Implemented HTML report generation using Jinja2. - Created `reporting/report_template.html` for structured and user-friendly HTML reports. - Updated `main.py` to call the HTML report generation function. - **State Management (`core/state.py`):** - Integrated `orjson` for potentially faster JSON serialization/deserialization. - Implemented a backup mechanism (`.bak` file) before overwriting the state file during `save_state`. - Updated internal default paths/prefixes to align with the "WPAUDIT" renaming. - **Tool Checking (`core/tool_checker.py`):** - Implemented tool version checking against configurable minimum versions using the `packaging` library. - Added more specific regex patterns for version parsing for various tools. - Updated status reporting for tool checks to be more granular (e.g., "Found (Version OK)", "Found (Version Too Low)"). - **Tool Runner (`core/tool_runner.py`):** - Improved error message for `subprocess.CalledProcessError` to include a snippet of `stderr` for better diagnostics. **4. Configuration & Documentation:** - Updated `README.md` with the new "WPAUDIT" name, revised descriptions, and updated example file names. - Updated `config/default_config.yaml` with the "WPAUDIT" name, new report/output directory defaults, and new configuration options related to module enhancements (e.g., `exploit_intel_mirror_searchsploit_exploits`). - Implicitly added `Jinja2`, `orjson`, and `packaging` to `requirements.txt` dependencies. This comprehensive suite of changes significantly advances WPAUDIT's capabilities, making it a more robust, intelligent, and user-friendly WordPress security auditing tool.
2025-05-20 00:51:10 +05:00
</div>
<script>
var coll = document.getElementsByClassName("collapsible");
for (var i = 0; i < coll.length; i++) {
coll[i].addEventListener("click", function() {
this.classList.toggle("active");
var content = this.nextElementSibling;
if (content.style.maxHeight){
content.style.maxHeight = null;
} else {
content.style.maxHeight = content.scrollHeight + "px";
}
});
}
</script>
</body>
</html>
Copy permalink