AndreaFiocchi/wp-static-vulnerability-analysis

WordPress utility for Static Vulnerability Analysis

A CLI static code analysis tool for WordPress vulnerability research. It scans for common security issues, visually distinguishes escaped from unescaped output, and lets you move quickly and recursively through the code.

Not everything is working yet. If you like the idea come check it back later.

This is shameless vibecoding, created for personal use, and working better than expected. Why? Because my recent bash_history has too many greps for my liking. If it gets some attention I will expand its capabilities and widen its purpose to additional CMS/Frameworks and eventually languages. I will probably also integrate it with an LLM over API so we can all train our AI Overlords and become unemployed faster.

Features

  • Multiple vulnerability types: XSS, SQLi, LFI, file upload, path traversal - MORE COMING SOON
  • Smart escaping detection: Recognizes PHP and WordPress security functions
  • Priority classification: Intelligently-ish separates high-risk from properly escaped findings (WIP)
  • Interactive mode: Real-time analysis with command history
  • Function extraction: View complete function definitions, either by name or around a finding
  • Syntax highlighting: Enhanced code visualization, with visual aid for user inputs and escaping methods
  • Copy to clipboard: For reporting. Or more realistically to slap it in your favourite LLM - No judgement!

Requirements

pip install pygments pyperclip

Usage

Put the .py file in /wp-content/plugins/ and run it.

Basic Scanning

# Interactive mode
python3 analyzer.py interactive
> scan lfi
> find $sus_var
> find $next_sus_var -C 3
> lookup 3

Vulnerability Types

MORE COMING SOON!

  • xss - Cross-Site Scripting
  • sqli - SQL Injection
  • lfi - Local File Inclusion
  • file_upload - File Upload Issues
  • path_traversal - Directory Traversal

Sample Output

Scan Results for XSS:

#1 - XSS [HIGH - UNESCAPED]
File: ./plugin.php
Line: 45
Pattern: echo\s+.*\$
────────────────────────────────────────────────────────────────────────────────
Code: echo $_GET['user_input'];
════════════════════════════════════════════════════════════════════════════════
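To make the escaped/unescaped distinction behind that output concrete, here is an added, self-contained illustration of the same idea (example code written for this page, not the repository's own analyzer): a single-line `echo` pattern, a list of recognised WordPress/PHP escaping functions, and the `-C N` context window. The escaper list, the `scan`/`priority` names and the sample plugin source are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional

# WordPress and PHP escaping functions the check recognises (assumed list for
# this example, not the project's own table).
ESCAPERS = ("esc_html", "esc_attr", "esc_url", "esc_js", "esc_textarea",
            "wp_kses", "wp_kses_post", "htmlspecialchars", "intval", "absint")
ESCAPER_RE = re.compile(r"\b(%s)\s*\(" % "|".join(ESCAPERS))
# The page's XSS pattern: an echo statement whose argument contains a variable.
XSS_RE = re.compile(r"echo\s+.*\$")

def priority(line: str) -> Optional[str]:
    """None if the pattern does not match; 'LOW - ESCAPED' if the echoed
    expression passes through a known escaper; otherwise 'HIGH - UNESCAPED'.
    Blind spot of the heuristic: one escaper anywhere in the expression counts,
    so `echo esc_html($a) . $b;` is rated LOW even though $b is raw."""
    if not XSS_RE.search(line):
        return None
    expr = line.split("echo", 1)[1]
    return "LOW - ESCAPED" if ESCAPER_RE.search(expr) else "HIGH - UNESCAPED"

def scan(source: str, path: str = "./plugin.php", context: int = 0) -> List[Dict]:
    """Scan PHP source text; `context` mirrors -C N (N lines before and after)."""
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        prio = priority(line)
        if prio is None:
            continue
        lo, hi = max(0, idx - context), min(len(lines), idx + context + 1)
        findings.append({"file": path, "line": idx + 1, "priority": prio,
                         "code": line.strip(), "context": lines[lo:hi]})
    return findings

def render(findings: List[Dict]) -> None:
    """Print findings in the same shape as the sample output above."""
    for n, f in enumerate(findings, 1):
        print(f"#{n} - XSS [{f['priority']}]\nFile: {f['file']}\nLine: {f['line']}")
        print(f"Pattern: {XSS_RE.pattern}\nCode: {f['code']}\n")

# Constructed sample plugin source for the example (not from any real plugin).
SAMPLE = """<?php
$name = $_GET['user_input'];
echo $_GET['user_input'];
echo esc_html( $name );
echo '<a href="' . esc_url( $url ) . '">';
echo "static text";
"""

if __name__ == "__main__":
    render(scan(SAMPLE, context=1))
```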

Interactive Commands

scan xss -C 3          # Scan with context. -C N means N lines before and after the match
lookup 5               # Shows the whole code of the function containing the finding. Also accepts a function name
find $sus_variable     # Search codebase for $sus_variable, can also get context with -C
!grep | sed            # Execute shell commands. Because grep | sed is still more powerful.
copy                   # Copy output to clipboard. -p to prepend Prompt to let AIs do your job.

!rm -rf ./             # Unleash your frustration.

License

MIT License

About

Very intuitive PHP Static Vulnerability Analysis tool for WordPress