Added a new scanner integration (WIP) for WPScan

Author: rfelber

integrations/wpscan/.helmignore

@@ -0,0 +1,4 @@
+.DS_Store
+
+parser/
+scanner/

integrations/wpscan/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: wpscan
+description: A Helm chart for the WordPress security Scanner that integrates with the secureCodeBox.
+
+type: application
+version: 0.1.0
+appVersion: latest
+
+keywords:
+- security
+- wpscan
+- wordpress
+- scanner
+- secureCodeBox
+home: https://www.securecodebox.io/scanner/WPScan
+icon: https://www.securecodebox.io/integrationIcons/WPScan.svg
+sources:
+- https://github.com/secureCodeBox/scanner-infrastructure-wpscan
+maintainers:
+- name: iteratec GmbH
+  email: security@iteratec.com

integrations/wpscan/parser/Dockerfile

@@ -0,0 +1,3 @@
+FROM scbexperimental/parser-sdk-nodejs:latest
+WORKDIR /home/app/parser-wrapper/parser/
+COPY --chown=app:app ./parser.js ./parser.js

integrations/wpscan/parser/__testFiles__/empty-localhost.json

@@ -0,0 +1,2 @@
+{
+}

integrations/wpscan/parser/__testFiles__/example-latest.json

@@ -0,0 +1,228 @@
+{
+    "banner": {
+      "description": "WordPress Security Scanner by the WPScan Team",
+      "version": "3.8.1",
+      "authors": [
+        "@_WPScan_",
+        "@ethicalhack3r",
+        "@erwan_lr",
+        "@firefart"
+      ],
+      "sponsor": "Sponsored by Automattic - https://automattic.com/"
+    },
+    "start_time": 1591480247,
+    "start_memory": 41349120,
+    "target_url": "https://www.example.com/",
+    "target_ip": "192.168.200.100",
+    "effective_url": "https://www.example.com/",
+    "interesting_findings": [
+      {
+        "url": "https://www.example.com/",
+        "to_s": "Headers",
+        "type": "headers",
+        "found_by": "Headers (Passive Detection)",
+        "confidence": 100,
+        "confirmed_by": {
+  
+        },
+        "references": {
+  
+        },
+        "interesting_entries": [
+          "Server: Apache/2.4.29 (Ubuntu)"
+        ]
+      },
+      {
+        "url": "https://www.example.com/robots.txt",
+        "to_s": "https://www.example.com/robots.txt",
+        "type": "robots_txt",
+        "found_by": "Robots Txt (Aggressive Detection)",
+        "confidence": 100,
+        "confirmed_by": {
+  
+        },
+        "references": {
+  
+        },
+        "interesting_entries": [
+          "/wp-admin/",
+          "/wp-admin/admin-ajax.php"
+        ]
+      },
+      {
+        "url": "https://www.example.com/readme.html",
+        "to_s": "https://www.example.com/readme.html",
+        "type": "readme",
+        "found_by": "Direct Access (Aggressive Detection)",
+        "confidence": 100,
+        "confirmed_by": {
+  
+        },
+        "references": {
+  
+        },
+        "interesting_entries": [
+  
+        ]
+      },
+      {
+        "url": "https://www.example.com/wp-content/mu-plugins/",
+        "to_s": "This site has 'Must Use Plugins': https://www.example.com/wp-content/mu-plugins/",
+        "type": "mu_plugins",
+        "found_by": "Direct Access (Aggressive Detection)",
+        "confidence": 80,
+        "confirmed_by": {
+  
+        },
+        "references": {
+          "url": [
+            "http://codex.wordpress.org/Must_Use_Plugins"
+          ]
+        },
+        "interesting_entries": [
+  
+        ]
+      },
+      {
+        "url": "https://www.example.com/wp-cron.php",
+        "to_s": "The external WP-Cron seems to be enabled: https://www.example.com/wp-cron.php",
+        "type": "wp_cron",
+        "found_by": "Direct Access (Aggressive Detection)",
+        "confidence": 60,
+        "confirmed_by": {
+  
+        },
+        "references": {
+          "url": [
+            "https://www.iplocation.net/defend-wordpress-from-ddos",
+            "https://github.com/wpscanteam/wpscan/issues/1299"
+          ]
+        },
+        "interesting_entries": [
+  
+        ]
+      }
+    ],
+    "version": {
+      "number": "5.3.3",
+      "release_date": "2020-04-29",
+      "status": "latest",
+      "found_by": "Rss Generator (Passive Detection)",
+      "confidence": 100,
+      "interesting_entries": [
+        "https://www.example.com/feed/, <generator>https://wordpress.org/?v=5.3.3</generator>",
+        "https://www.example.com/comments/feed/, <generator>https://wordpress.org/?v=5.3.3</generator>"
+      ],
+      "confirmed_by": {
+  
+      },
+      "vulnerabilities": [
+  
+      ]
+    },
+    "main_theme": {
+      "slug": "twentyseventeen",
+      "location": "https://www.example.com/wp-content/themes/twentyseventeen/",
+      "latest_version": "2.3",
+      "last_updated": "2020-03-31T00:00:00.000Z",
+      "outdated": true,
+      "readme_url": "https://www.example.com/wp-content/themes/twentyseventeen/README.txt",
+      "directory_listing": false,
+      "error_log_url": null,
+      "style_url": "https://www.example.com/wp-content/themes/twentyseventeen/style.css?ver=5.3.3",
+      "style_name": "Twenty Seventeen",
+      "style_uri": "https://wordpress.org/themes/twentyseventeen/",
+      "description": "Twenty Seventeen brings your site to life with header video and immersive featured images. With a focus on business sites, it features multiple sections on the front page as well as widgets, navigation and social menus, a logo, and more. Personalize its asymmetrical grid with a custom color scheme and showcase your multimedia content with post formats. Our default theme for 2017 works great in many languages, for any abilities, and on any device.",
+      "author": "the WordPress team",
+      "author_uri": "https://wordpress.org/",
+      "template": null,
+      "license": "GNU General Public License v2 or later",
+      "license_uri": "http://www.gnu.org/licenses/gpl-2.0.html",
+      "tags": "one-column, two-columns, right-sidebar, flexible-header, accessibility-ready, custom-colors, custom-header, custom-menu, custom-logo, editor-style, featured-images, footer-widgets, post-formats, rtl-language-support, sticky-post, theme-options, threaded-comments, translation-ready",
+      "text_domain": "twentyseventeen",
+      "found_by": "Css Style In Homepage (Passive Detection)",
+      "confidence": 100,
+      "interesting_entries": [
+  
+      ],
+      "confirmed_by": {
+        "Css Style In 404 Page (Passive Detection)": {
+          "confidence": 70,
+          "interesting_entries": [
+  
+          ]
+        }
+      },
+      "vulnerabilities": [
+  
+      ],
+      "version": {
+        "number": "2.2",
+        "confidence": 80,
+        "found_by": "Style (Passive Detection)",
+        "interesting_entries": [
+          "https://www.example.com/wp-content/themes/twentyseventeen/style.css?ver=5.3.3, Match: 'Version: 2.2'"
+        ],
+        "confirmed_by": {
+  
+        }
+      },
+      "parents": [
+  
+      ]
+    },
+    "plugins": {
+      "akismet": {
+        "slug": "akismet",
+        "location": "https://www.example.com/wp-content/plugins/akismet/",
+        "latest_version": "4.1.6",
+        "last_updated": "2020-06-04T17:21:00.000Z",
+        "outdated": false,
+        "readme_url": false,
+        "directory_listing": false,
+        "error_log_url": null,
+        "found_by": "Known Locations (Aggressive Detection)",
+        "confidence": 80,
+        "interesting_entries": [
+          "https://www.example.com/wp-content/plugins/akismet/, status: 403"
+        ],
+        "confirmed_by": {
+  
+        },
+        "vulnerabilities": [
+          {
+            "title": "Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)",
+            "fixed_in": "3.1.5",
+            "references": {
+              "cve": [
+                "2015-9357"
+              ],
+              "url": [
+                "http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/",
+                "https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html"
+              ],
+              "wpvulndb": [
+                "8215"
+              ]
+            }
+          }
+        ],
+        "version": null
+      }
+    },
+    "vuln_api": {
+      "plan": "free",
+      "requests_done_during_scan": 4,
+      "requests_remaining": 18
+    },
+    "stop_time": 1591480342,
+    "elapsed": 94,
+    "requests_done": 2335,
+    "cached_requests": 9,
+    "data_sent": 631774,
+    "data_sent_humanised": "616.967 KB",
+    "data_received": 1093069,
+    "data_received_humanised": "1.042 MB",
+    "used_memory": 272867328,
+    "used_memory_humanised": "260.227 MB"
+  }