venantvr-security/python-wpscan-wpvuln-enricher
GitHub: venantvr-security/python-wpscan-wpvuln-enricher
A hook built for secureCodeBox that automatically enriches the WordPress plugin findings in WPScan results with vulnerability details fetched from the WPVulnerability API.
Stars: 0 | Forks: 0
# WPScan WPVuln Enricher
Links: [GitHub repository](https://github.com/venantvr-security/python-wpscan-wpvuln-enricher) | [WPVulnerability API](https://www.wpvulnerability.net/api/plugins/) | [Python](https://python.org/) | [Container image](https://ghcr.io/venantvr-security/python-wpscan-wpvuln-enricher)
## Docker image
```
docker pull ghcr.io/venantvr-security/python-wpscan-wpvuln-enricher:latest
```
A secureCodeBox hook that enriches WPScan findings with known-vulnerability data from the [WPVulnerability API](https://www.wpvulnerability.net/).
## Overview
The hook processes WPScan results automatically and queries the WPVulnerability database, adding detailed vulnerability information for every WordPress plugin the scan detected.
```
flowchart LR
A[WPScan] --> B[Findings JSON]
B --> C[WPVuln Enricher]
C <--> D[(WPVulnerability API)]
C --> E[Enriched Findings]
style A fill:#2d6a4f,color:#fff
style C fill:#f9f,stroke:#333
style D fill:#bbf,stroke:#333
style E fill:#95d5b2,stroke:#333
```
## API compatibility
| Enricher version | API version | API endpoint | Status |
|------------------|-------------|--------------|--------|
| 1.0.0 | 2024-01 | `www.wpvulnerability.net` | current |
## How it works
```
sequenceDiagram
participant SCB as secureCodeBox
participant Hook as WPVuln Enricher
participant API as WPVulnerability API
Hook->>API: Health check (startup)
API-->>Hook: OK / 410 Gone
SCB->>Hook: READ_FILE (findings.json)
Hook->>Hook: Extract plugin slugs
Note over Hook,API: Parallel threads
Hook->>API: GET /plugin/contact-form-7
Hook->>API: GET /plugin/elementor
Hook->>API: GET /plugin/yoast-seo
API-->>Hook: Vulnerabilities data
Hook->>Hook: Convert to secureCodeBox format
Hook->>SCB: WRITE_FILE (enriched findings)
```
## Features
- **Minimal dependencies**: only the `requests` library
- **Parallel processing**: concurrent API calls through a `ThreadPoolExecutor`
- **Automatic retries**: on network failures, up to 3 attempts spaced 2 seconds apart
- **Distroless image**: a multi-stage build produces a minimal container with no shell or package manager
- **Severity mapping**: findings are classified automatically from the CVSS severity
- **API deprecation detection**: fails fast when the API version is incompatible (the startup health check receives `410 Gone`)
- **Tests run inside the Docker build**: unit tests execute while the image is built
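The retry, fail-fast and parallel-fetch behaviour listed above, written out as an added example (this is not the project's `main.py`). It assumes the URL layout `/plugin/<slug>` from the sequence diagram and a health-check URL at `/api/plugins/`, both hypothetical; the HTTP call is injected as a `get(url) -> (status, json)` callable so the logic runs offline, where a real deployment would wrap `requests.get`. It also adds a check the page does not mention: plugin slugs come out of scan output and are untrusted, so only an allow-listed shape is ever interpolated into a request path.

```python
import re
import time
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import Callable, Dict, List, Optional, Tuple

# Assumed URL layout, modelled on the "GET /plugin/<slug>" calls in the sequence
# diagram; the hook's real endpoints are not shown on this page.
API_BASE = "https://www.wpvulnerability.net/api"
HEALTH_URL = f"{API_BASE}/plugins/"

# Slugs are untrusted scan output: only this shape may be placed in a request path.
SLUG_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,99}")

# Injected HTTP getter so the logic runs offline; a real one wraps requests.get and
# returns (status_code, parsed JSON or None).
Getter = Callable[[str], Tuple[int, Optional[dict]]]


class ApiDeprecated(RuntimeError):
    """410 Gone: the API version this enricher was built for is no longer served."""


def check_health(get: Getter, url: str = HEALTH_URL) -> None:
    """Startup probe: abort before any findings are touched if the API is gone."""
    status, _ = get(url)
    if status == 410:
        raise ApiDeprecated(f"{url} answered 410 Gone; update the enricher")
    if status != 200:
        raise RuntimeError(f"health check failed: HTTP {status} from {url}")


def plugin_url(slug: str) -> str:
    if not SLUG_RE.fullmatch(slug):
        raise ValueError(f"refusing to query suspicious plugin slug {slug!r}")
    return f"{API_BASE}/plugin/{slug}"


def fetch_with_retry(get: Getter, url: str, retries: int = 3, delay: float = 2.0,
                     sleep: Callable[[float], None] = time.sleep) -> Optional[dict]:
    """Up to `retries` attempts, `delay` seconds apart, for transient failures
    (exceptions, 5xx, 429). 410 aborts at once; 404 means the plugin is unknown."""
    last_error: Optional[Exception] = None
    for attempt in range(1, retries + 1):
        try:
            status, body = get(url)
        except OSError as exc:  # DNS, connect and read failures
            last_error = exc
        else:
            if status == 200:
                return body
            if status == 404:
                return None
            if status == 410:
                raise ApiDeprecated(f"{url} answered 410 Gone")
            last_error = RuntimeError(f"HTTP {status} from {url}")
        if attempt < retries:
            sleep(delay)
    raise RuntimeError(f"giving up on {url} after {retries} attempts") from last_error


def fetch_all(slugs: List[str], get: Getter, max_workers: int = 5,
              **retry_kw) -> Dict[str, Optional[dict]]:
    """Query valid slugs concurrently; malformed slugs are dropped, never sent.
    An ApiDeprecated raised in any worker propagates and fails the whole run."""
    valid = [s for s in slugs if SLUG_RE.fullmatch(s)]
    results: Dict[str, Optional[dict]] = {}
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = {pool.submit(fetch_with_retry, get, plugin_url(s), **retry_kw): s
                   for s in valid}
        for fut in as_completed(futures):
            results[futures[fut]] = fut.result()
    return results


def scripted_getter(script: Dict[str, list]) -> Getter:
    """Constructed stand-in for HTTP: per URL, outcomes replay in order (an Exception
    instance is raised, a tuple is returned) and the last outcome repeats."""
    def get(url: str):
        outcomes = script[url]
        outcome = outcomes.pop(0) if len(outcomes) > 1 else outcomes[0]
        if isinstance(outcome, Exception):
            raise outcome
        return outcome
    return get


def run_demo() -> Dict[str, Optional[dict]]:
    """Health check, then one flaky plugin, one unknown plugin and one hostile slug."""
    get = scripted_getter({
        HEALTH_URL: [(200, {"status": "ok"})],
        plugin_url("contact-form-7"): [OSError("connection reset"), (503, None),
                                       (200, {"name": "Contact Form 7", "vulnerabilities": []})],
        plugin_url("elementor"): [(404, None)],
    })
    check_health(get)
    # delay/sleep overridden so the demo does not wait 2 s between attempts
    return fetch_all(["contact-form-7", "elementor", "../../etc/passwd"], get,
                     delay=0.0, sleep=lambda _: None)


if __name__ == "__main__":
    print(run_demo())
```

`fetch_all` lets `ApiDeprecated` escape from `fut.result()` on purpose: a deprecated API should stop the hook with a non-zero exit rather than silently write unenriched findings back, which is what "fail fast" has to mean in a pipeline step.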
## Severity classification
Severity is derived from the CVSS rating supplied by the WPVulnerability API. The secureCodeBox finding schema has no CRITICAL level, so CRITICAL is folded into HIGH:
| CVSS severity | secureCodeBox severity |
|---------------|------------------------|
| CRITICAL | HIGH |
| HIGH | HIGH |
| MEDIUM | MEDIUM |
| LOW | LOW |
## Installation
### Prerequisites
- A Kubernetes cluster with secureCodeBox installed
- The WPScan scanner configured
### Deploy the hook
```
kubectl apply -f hook.yaml
```
The hook attaches automatically to every scan carrying the label `scanType: wpscan`.
## Configuration
### Environment variables
| Variable | Description | Default |
|----------|-------------|---------|
| `READ_FILE` | Path of the input findings JSON | `/tmp/findings.json` |
| `WRITE_FILE` | Path where the enriched findings are written | `/tmp/findings.json` |
Both default to the same path, so unless `WRITE_FILE` is overridden the hook rewrites the input file in place.
### Resource limits
Default resources in `hook.yaml`:
```
resources:
  requests:
    memory: "64Mi"
    cpu: "50m"
  limits:
    memory: "128Mi"
    cpu: "200m"
```
## Architecture
```
graph LR
subgraph Kubernetes
A[Scan Controller] -->|Scan Complete| B[Hook Controller]
B -->|Mount findings| C[WPVuln Enricher Pod]
end
C -->|REST API| D[(WPVulnerability API)]
style C fill:#f9f,stroke:#333
style D fill:#bbf,stroke:#333
```
## Output format
The hook emits findings in the secureCodeBox finding format:
```
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "[WPVuln] Contact Form 7 - Reflected XSS",
  "description": "The plugin does not sanitize input properly. (fixed in 5.8.4)",
  "category": "WordPress Plugin Vulnerability",
  "location": "https://example.com",
  "osi_layer": "APPLICATION",
  "severity": "MEDIUM",
  "attributes": {
    "plugin_slug": "contact-form-7",
    "plugin_name": "Contact Form 7",
    "wpvuln_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "fixed_in": "5.8.4",
    "cvss_score": "6.1",
    "cve": ["CVE-2024-12345"],
    "cwe": ["CWE-79"],
    "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12345"]
  },
  "false_positive": false
}
```
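The severity table and the output format above, carried through as one added example that is not the project's own code: it maps an API entry to a secureCodeBox finding in the shape shown. Assumptions: the WPScan finding shape (category `WordPress Plugin`, slug in `attributes["wp_slug"]`, version in `attributes["wp_version"]`) is a guess at the secureCodeBox WPScan parser output, the API payload field names are this example's own and not the documented WPVulnerability schema, and the sample data is constructed. It goes beyond the page in two places: a CVSS v3.x score is bucketed into a rating when the API supplies no label, and a vulnerability is only reported when the detected plugin version is not known to contain the fix, which keeps already-patched plugins out of the results.

```python
import uuid
from typing import Any, Dict, List, Optional

# Table from the README; secureCodeBox findings have no CRITICAL level, so it folds into HIGH.
SEVERITY_MAP = {"CRITICAL": "HIGH", "HIGH": "HIGH", "MEDIUM": "MEDIUM", "LOW": "LOW"}


def severity_from_cvss(score: Optional[float]) -> str:
    """CVSS v3.x qualitative rating, used when the API gives a score but no label."""
    if score is None or score <= 0.0:
        return "NONE"
    return "CRITICAL" if score >= 9.0 else "HIGH" if score >= 7.0 else "MEDIUM" if score >= 4.0 else "LOW"


def to_scb_severity(label: Optional[str], score: Optional[float]) -> str:
    """Apply the README's table; unrated entries become INFORMATIONAL (this example's choice)."""
    key = (label or severity_from_cvss(score)).upper()
    return SEVERITY_MAP.get(key, "INFORMATIONAL")


def _version_key(version: str) -> tuple:
    # "5.8.3" -> (5, 8, 3); non-numeric suffixes are ignored, short versions are zero-padded
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(detected: Optional[str], fixed_in: Optional[str]) -> bool:
    """Report unless the detected version is known to already contain the fix."""
    if not detected or not fixed_in:
        return True  # unknown version, or an unfixed vulnerability
    return _version_key(detected) < _version_key(fixed_in)


def plugin_slug_of(finding: Dict[str, Any]) -> Optional[str]:
    """Assumed WPScan-parser shape: category 'WordPress Plugin', slug in attributes['wp_slug']."""
    if finding.get("category") != "WordPress Plugin":
        return None
    return finding.get("attributes", {}).get("wp_slug")


def vuln_to_finding(slug: str, plugin_name: str, vuln: Dict[str, Any], location: str) -> Dict[str, Any]:
    """Build one secureCodeBox finding in the shape shown in the README."""
    cvss = vuln.get("cvss") or {}
    fixed_in = vuln.get("fixed_in")
    description = vuln.get("description", "")
    if fixed_in:
        description = f"{description} (fixed in {fixed_in})"
    return {
        "id": str(uuid.uuid4()),
        "name": f"[WPVuln] {plugin_name} - {vuln.get('title', 'Unnamed vulnerability')}",
        "description": description,
        "category": "WordPress Plugin Vulnerability",
        "location": location,
        "osi_layer": "APPLICATION",
        "severity": to_scb_severity(cvss.get("severity"), cvss.get("score")),
        "attributes": {
            "plugin_slug": slug,
            "plugin_name": plugin_name,
            "wpvuln_id": vuln.get("id"),
            "fixed_in": fixed_in,
            "cvss_score": str(cvss.get("score", "")),
            "cve": list(vuln.get("cve", [])),
            "cwe": list(vuln.get("cwe", [])),
            "references": list(vuln.get("references", [])),
        },
        "false_positive": False,
    }


def enrich(findings: List[Dict[str, Any]], api_data: Dict[str, Optional[Dict[str, Any]]]) -> List[Dict[str, Any]]:
    """Append one finding per vulnerability affecting a detected plugin; originals are kept."""
    added = []
    for finding in findings:
        slug = plugin_slug_of(finding)
        data = api_data.get(slug) if slug else None
        if not data:
            continue  # not a plugin finding, or the plugin is unknown to the database
        version = finding.get("attributes", {}).get("wp_version")
        for vuln in data.get("vulnerabilities", []):
            if is_affected(version, vuln.get("fixed_in")):
                added.append(vuln_to_finding(slug, data.get("name", slug), vuln, finding.get("location", "")))
    return findings + added


# Constructed sample scan output and a constructed API payload (field names are this example's own).
SAMPLE_FINDINGS = [
    {"name": "WordPress Service", "category": "WordPress Service", "location": "https://example.com", "attributes": {}},
    {"name": "WordPress Plugin: contact-form-7", "category": "WordPress Plugin", "location": "https://example.com",
     "attributes": {"wp_slug": "contact-form-7", "wp_version": "5.8.3"}},
]
SAMPLE_API = {"contact-form-7": {"name": "Contact Form 7", "vulnerabilities": [
    {"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "title": "Reflected XSS",
     "description": "The plugin does not sanitize input properly.", "fixed_in": "5.8.4",
     "cvss": {"score": 6.1, "severity": "MEDIUM"}, "cve": ["CVE-2024-12345"], "cwe": ["CWE-79"],
     "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12345"]},
    {"id": "old-issue", "title": "Old issue already fixed", "fixed_in": "5.0",
     "cvss": {"score": 4.3}, "cve": [], "cwe": [], "references": []},
]}}


def run_demo() -> List[Dict[str, Any]]:
    return enrich(SAMPLE_FINDINGS, SAMPLE_API)
```

Run on the constructed sample, the two original findings are returned unchanged and exactly one `[WPVuln]` finding is appended: the XSS fixed in 5.8.4 affects the detected 5.8.3, while the issue fixed in 5.0 is skipped. Dropping already-fixed entries matters for a pipeline hook, since every finding it emits lands in downstream dashboards and tickets.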
## Building
### Run the tests
```
pip install -r requirements.txt
pytest -v tests/
```
### Run locally
```
pip install -r requirements.txt
python main.py
```
### Docker build
The tests run automatically during the Docker build; if any test fails, the build fails.
```
docker build -t python-wpscan-wpvuln-enricher:latest .
```
### Inspect the image labels
```
docker inspect python-wpscan-wpvuln-enricher:latest --format='{{json .Config.Labels}}' | jq
```
The expected output includes:
```
{
"com.wpvulnerability.api-version": "2024-01",
"org.opencontainers.image.version": "1.0.0"
}
```
## Usage examples
### Manual execution
```
export READ_FILE=./examples/wpscan-findings.json
export WRITE_FILE=./enriched-findings.json
python main.py
```
### With secureCodeBox
```
# Run WPScan
kubectl apply -f - <
```

```
B{WordPress Plugin?}
B -->|No| C[Skip]
B -->|Yes| D[Extract slug]
D --> E[(WPVulnerability API)]
E --> F{Found?}
F -->|No| G[Log]
F -->|Yes| H[Create findings]
H --> I[Merge]
C --> I
G --> I
I --> J[Output: Enriched Findings]
style A fill:#fff3b0,stroke:#333
style J fill:#95d5b2,stroke:#333
style E fill:#bbf,stroke:#333
```
## Project structure
```
.
├── main.py # Main application code (commented for beginners)
├── requirements.txt # Python dependencies
├── Dockerfile # Multi-stage Docker build (distroless)
├── hook.yaml # secureCodeBox hook manifest
├── README.md # This file
├── docs/
│ └── DOCKER.md # Docker commands cheat sheet
├── tests/
│ ├── test_main.py # Unit tests (15+ tests with pytest)
│ └── test_parser.py # Parser unit tests
├── examples/
│ ├── wpscan-findings.json # Sample WPScan input
│ └── wpvulnerability-api-response.json # Sample API response
└── postman/
└── WPVulnerability-API.postman_collection.json # Postman collection
```
## License
MIT
## Related projects
- [secureCodeBox](https://github.com/secureCodeBox/secureCodeBox)
- [WPScan](https://wpscan.com/)
- [WPVulnerability API](https://www.wpvulnerability.net/)