This tool will collect all vulnerabilities (from vulners.com and/or wpvulndb.com) for defined keywords generate a HTML report. Additionally, the report will be sent as an email to defined recipients.
Here you can see how the email report will look like:
First of all, you will need to get yourself some API Keys.
Create a vulners account then navigate to https://vulners.com/userinfo. Unter the tab "API KEYS", select scope "api", license "free" and enter your public IP where vulnrep will be running. Copy the API key and paste it into "subscriptions.json" under "apikeyVulners".
Create a WPVulnDB account then navigate to https://wpvulndb.com/users/edit. Copy / Generate the API key and paste it into "subscriptions.json" under "apikeyWPVulnDB".
All configuration is done in three JSON files, "subscriptions.json", "history.json" and "email.json". Those JSON files need to be in the same directory as the JAR.
Subscriptions contains your API keys as well all of the wordpress plugins and keywords you are interested in.
{
"apikeyVulners": "****************",
"apikeyWPVulnDB": "****************",
"entries":[
{
"name":"custom_wpvulndb_plugin" ,
"plugins":[
"duplicate-post","polylang","post-types-definitely","regenerate-thumbnails"
]
},{
"name":"chrome" ,
"cvss": 5.0
},{
"name":"firefox" ,
"cvss": 5.0
}
]
}
This JSON contains all settings related to the e-mail report.
{
"recipients":[ "recipient@domain.ch" ],
"sender": {
"address": "sender@domain.ch",
"host": "smtp.domain.ch",
"port":25,
"user":"sender@domain.ch",
"password":"*****************",
"subject":"Vulnerability Report <d>",
"secure":true,
"trustall":false
}
}
This JSON file will store all reported vulnerabilities
{
"history": [
],
"deleteAfter": {
"days": 60
}
}
java -jar VulnerabilityReporting.jar 5d
Where 5d means get me all the vulnerabilities published in the last 5 days of the keywords defined in subscriptions.json, which I have not seen yet. You can use h for hours and m for minutes too. The report HTML file will be saved in the same directory the JAR resides in.
In order to automate this, I use a cron job:
$ env EDITOR=nano crontab -e
# run every sunday morning at 0700
0 7 * * 0 cd /opt/vulnrep; java -jar VulnerabilityReporting.jar