dr-iman

Wp Plugin Scanner

  1. #!/usr/bin/python
  2.  
  3. #Wordpress Plugin Scanner By DeMoN ( Guardiran Security Team )
  4. #Site : Guardiran.org
  5.  
  6. #About Team :
  7. #GuardIran security team is an independent group whose laws are not inconsistent
  8. #with the policy of the Islamic Republic of Iran. GuardIran security team
  9. #began its activity in 1393 and the team's goal of securing Iranian sites and servers.
  10. #Our team is always ready to defend the frontiers of Iran's cyber our beloved land
  11.  
  12. #Usage Scan : python wp-plugin-scanner.py -t <UrlTarget>
  13. #Get Help : python wp-plugin-scanner.py -h  
  14.  
  15. import argparse
  16. import urllib2
  17. import json
  18. import re
  19.  
# Separator printed around every section of the report.
line = "\n**************************************\n"

# User-Agent header sent by httpGet(); mimics a desktop Firefox 50 on Linux.
agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"

# Command line: one mandatory target url. parse_args() runs at import time,
# so argparse prints usage and exits when the argument is missing.
parser = argparse.ArgumentParser(description='WordPress Plugin Scanner')
parser.add_argument('-t', '--target', required=True, help='The target url')
args = parser.parse_args()
  25.  
def getVulnerabilities( pluginName ):
    """Look up *pluginName* in the WPVulnDB v1 plugin API and return advisory titles.

    Returns the string ' Not Vulnerable' whenever httpGet() returns None, i.e.
    on any HTTP error status (so an unknown plugin or an API outage is reported
    the same way as a clean record). Otherwise returns one "\\n"-prefixed
    vulnerability title per entry, or '' when the record lists none.

    json.loads() runs on the raw API body; a non-JSON response raises ValueError.
    """
    body = httpGet("https://wpvulndb.com/api/v1/plugins/" + pluginName)
    if body is None:
        return ' Not Vulnerable'

    record = json.loads(body)
    titles = []
    if record['plugin']:
        if record['plugin']['vulnerabilities']:
            titles = [entry['title'] for entry in record['plugin']['vulnerabilities']]

    # Same shape as the original accumulation: "\n" before every title.
    return ''.join("\n" + title for title in titles)
  42.  
def httpGet( url ):
    """Fetch *url* with the module-level User-Agent and return the response body.

    Returns None when the server answers with an HTTP error status
    (urllib2.HTTPError). Other failures -- urllib2.URLError for DNS or
    connection errors, ValueError for a malformed url -- are not caught
    and propagate to the caller. The response object is not closed explicitly.
    """
    request = urllib2.Request(url)
    # Unredirected: the header is sent on the first request only.
    request.add_unredirected_header('User-Agent', agent)
    try:
        reply = urllib2.urlopen(request)
    except urllib2.HTTPError:
        return None
    return reply.read()
  51.  
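# Entry point: fetch the target page, collect plugin slugs referenced as
# /wp-content/plugins/<slug>/ in that single page, and print the WPVulnDB
# advisory titles for each slug.
#
# Fixes over the original: the body of this `if` used two different indent
# levels (8 then 4 spaces), which is an IndentationError, and a failed fetch
# (httpGet() returning None) reached re.findall() and raised TypeError.
if args.target is not None:
    # Non-raw string: "\\" renders as one backslash; a trailing "\" joins lines.
    print '''

__      __                .___
/  \   /  \___________  __| _/____________   ____   ______ ______
\  \/\/   /  _ \_  __ \/ __ |\____ \_  __ \_/ __ \ /  ___//  ___/
\       (  <_> )  | \/ /_/ ||  |_> >  | \/\ ___/ \___ \ \___ \
 \__/\ / \____/|__|  \____ ||   __/|__|    \___  >____  >____  >
      \/                   \/|__|               \/     \/     \/
__________.__               .__
\______   \ |  __ __  ____ |__| ____
|     ___/  | |  |  \/ ___\|  |/    \
|    |   |  |_|  |  / /_/  >  |   |  \
|____|   |____/____/\___  /|__|___|  /
                   /_____/         \/
 _________
/   _____/ ____ _____    ____   ____   ___________
\_____  \_/ ___\\__  \ /    \ /    \_/ __ \_  __ \
/        \ \___ / __ \|   |  \  |  \ ___/|  | \/
/_______  /\___  >____  /___|  /___|  /\___  >__|
       \/     \/     \/     \/     \/     \/

==================================
# Tools By : DR-IMAN             #
# Team : Guardiran Security Team #
# Site : Guardiran.org           #
==================================

'''
    print "Scanning...\n"

    html = httpGet(args.target)

    if html is None:
        # httpGet() only returns None on an HTTP error status; say so instead
        # of reporting "no vulnerabilities" for a page that was never read.
        print "Could not fetch the target url (HTTP error).\n" + line
    else:
        # Only slugs referenced in this one page are seen; set() drops duplicates.
        plugins = set(re.findall('\/wp-content\/plugins\/(.*?)\/', html, re.DOTALL))

        print line + " ......::: RESULT :::...... " + line

        pluginsCount = len(plugins)

        if pluginsCount == 0:
            print "No vulnerabilities were found.\n" + "Try checking manually.\n\n" + line
        else:
            print str(pluginsCount) + " plugins were detected"
            for plugin in plugins:
                # ' Not Vulnerable' here also covers API lookup failures (see getVulnerabilities).
                vulnerabilities = getVulnerabilities(plugin)
                print line + "# " + plugin + line + vulnerabilities

    print line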