nuclei-wordfence-cve's Introduction

Nuclei + Wordfence = ♥

36,406 Nuclei Templates for WordPress Security Scanning 🥳

Level up your WordPress security game! This project's got a treasure trove of fresh Nuclei templates for WordPress. Scan for weaknesses in Core, plugins, and themes – all based on the latest intel from Wordfence.com.

Here's why this is your new best friend:

  • Massive collection: No more hunting for individual templates, you've got a whole arsenal at your fingertips.
  • Always on point: These templates stay updated with the freshest threats, so you're never behind the curve.
  • Open source magic: Need to tweak a template for a specific situation? No problem, you've got full control.

If you're guarding a WordPress site, this project is your secret weapon to identify vulnerabilities before the bad guys do. Stop wasting time and secure your sites like a pro!


Tip

If you found this project helpful, please consider giving it a star on GitHub. Your support helps to make this project even better. 🌟

What's in it?!

category      total
wp-plugins    33,849
wp-themes     1,817
wp-core       733
other         16

severity      total
info          7
low           14,013
medium        12,199
high          7,341
critical      2,845

Installation

To install this nuclei-wordfence-cve repository for use with Nuclei, you can use the following commands:

export GITHUB_TEMPLATE_REPO=topscoder/nuclei-wordfence-cve
nuclei -update-templates

Usage

Once you have installed this template repo using the commands above, you can run the following command to scan for vulnerabilities using Nuclei:

nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com

Examples

Here are some examples of how to use the templates:

  • To scan for all known vulnerabilities in WordPress, you can run the following command:
    nuclei -t github/topscoder/nuclei-wordfence-cve -u https://target.com
  • To scan for a specific CVE, you can run the following command:
    nuclei -t github/topscoder/nuclei-wordfence-cve -template-id cve-2023-32961 -u https://target.com
  • To scan only for critical vulnerabilities, you can run the following command:
    nuclei -t github/topscoder/nuclei-wordfence-cve -severity critical -u https://target.com
  • To scan only for WordPress core vulnerabilities, you can run the following command:
    nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-core -u https://target.com
  • To scan only for WordPress plugin vulnerabilities, you can run the following command:
    nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin -u https://target.com
  • To scan only for WordPress theme vulnerabilities, you can run the following command:
    nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-theme -u https://target.com
  • To go wild, you can combine tag and severity filters:
    nuclei -t github/topscoder/nuclei-wordfence-cve -tags wp-plugin,wp-theme -severity critical,high -u https://target.com
  • To go even wilder, you can use the template condition flag (-tc), which allows complex expressions like the following ones:
    nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'cross-site scripting') || contains(to_upper(name),'XSS')" -u https://target.com
    nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'sql injection') || contains(to_lower(description),'sql injection')" -u https://target.com
    nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_lower(name),'file inclusion') || contains(to_lower(description),'file inclusion')" -u https://target.com
    nuclei -t github/topscoder/nuclei-wordfence-cve -template-condition "contains(to_upper(name),'CSRF') || contains(to_upper(description),'CSRF')" -u https://target.com

Contributing

If you would like to contribute to this project, please feel free to fork the repository and submit a pull request.

Protecting Customized Templates

To prevent accidental overwrites, you can mark templates you've manually customized with a comment at the end. Add the line # Enhanced as the last line of the template file.

License

This project is licensed under the MIT License.

Contact

If you have any questions or feedback, please feel free to contact the project maintainers.

~~ Please use it responsibly!

nuclei-wordfence-cve's People

Contributors

actions-user, bober182, topscoder

nuclei-wordfence-cve's Issues

Themes Matchers

Hey,

Just as a heads up when going for themes and looking at style.css please add some more matchers to remove any false positives.

Something like:

License URI:
License:
Author URI:

Had a load of false positives with soledad and noticed it needed to have more separate matches to ensure it's not a false positive.

Adding them as additional matchers should ensure that any match is a hit.
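
The effect of the extra header fields requested above, as an added example that is not part of the issue or the project's code: a version is taken from style.css only when the body is a comment header carrying every required field. The theme name, the sample bodies and the choice to require all four fields are assumptions made for illustration.

```python
# Added example: accept a version from style.css only when the body really
# is a theme header. Sample bodies below are constructed for illustration.
import re

# Fields named in the issue above plus Version; requiring all of them is
# this example's policy (assumption), not the project's matcher set.
REQUIRED_FIELDS = ("License URI", "License", "Author URI", "Version")
FIELD_RE = re.compile(r"^[ \t/*#@]*([A-Za-z][A-Za-z ]*?)\s*:\s*(.+?)\s*$", re.M)

REAL_CSS = """/*
Theme Name: Example Theme
Author URI: https://example.com/
Version: 2.4.1
License: GNU General Public License v2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
*/
body { margin: 0; }
"""
# A 200 response that mentions the theme but is not its stylesheet.
SOFT_404 = "<html><h1>Example Theme</h1><p>Version: 2.4.1</p>Not found</html>"
# A comment block that has a name and version but none of the extra fields.
PARTIAL_CSS = "/*\nTheme Name: Example Theme\nVersion: 2.4.1\n*/\n"


def parse_theme_header(body):
    """Return {field: value} from the leading comment block of style.css."""
    end = body.find("*/")
    if not body.lstrip().startswith("/*") or end == -1:
        return {}  # HTML error pages and soft-404s stop here
    return {m.group(1): m.group(2) for m in FIELD_RE.finditer(body[:end])}


def theme_version(body, theme_name):
    """Return the version only when every required field is present."""
    header = parse_theme_header(body)
    if header.get("Theme Name", "").lower() != theme_name.lower():
        return None
    if any(field not in header for field in REQUIRED_FIELDS):
        return None
    return header["Version"]


if __name__ == "__main__":
    for label, body in (("real", REAL_CSS), ("soft-404", SOFT_404), ("partial", PARTIAL_CSS)):
        print(label, theme_version(body, "Example Theme"))
```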

deprecated protocol syntax, update before v2.9.5 nuclei

Yooo, man, your work is awesome!!
But I want to point out this thing:

nuclei -l test.txt -t ~/nuclei-wordfence-cve

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.3

                projectdiscovery.io

[WRN] Found 9637 templates loaded with deprecated protocol syntax, update before v2.9.5 for continued support.

[WRN] Found 14 templates with syntax warning (use -validate flag for further examination)
[WRN] Found 2 templates with syntax error (use -validate flag for further examination)
[INF] Current nuclei version: v2.9.3 (latest)
[INF] Current nuclei-templates version: v9.4.3 (latest)
[INF] New templates added in latest release: 55
[INF] Templates loaded for current scan: 9651
[INF] Targets loaded for current scan: 3
[INF] Running httpx on input host
[INF] Found 3 URL from httpx
[INF] Templates clustered: 6534 (Reduced 17772 Requests)

2024 CVEs?

I was checking for 2024 CVE checks (CVE-2024-1071, for example) but couldn't find any. Am I missing them? Is Wordfence stopping using 2024 CVE checks?

Incorrect version matcher for wordpress-94ffba477783a49fe859db6d419a4e64

The given version matcher in the Wordfence API data is

"[5.8, 5.8.3)": {
    "from_version": "5.8",
    "from_inclusive": true,
    "to_version": "5.8.3",
    "to_inclusive": false
}

which is rendered to compare_versions(version_by_generator, '>= 5.8', '<= 5.8.3') but should be rendered to compare_versions(version_by_generator, '>= 5.8', '< 5.8.3')
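
The mapping this issue asks for, as an added example that is not part of the issue or the project's generator: each bound gets its operator from its own inclusive flag, and a reference range check confirms the boundary behaviour. Treating "*" as an open-ended bound and comparing versions as dotted integers are assumptions of this sketch.

```python
# Added example: turn one Wordfence affected-version record into the
# constraints passed to Nuclei's compare_versions() DSL helper.
UNBOUNDED = (None, "", "*")  # assumption: "*" marks an open-ended bound

# The record quoted in the issue above.
RANGE_FROM_ISSUE = {"from_version": "5.8", "from_inclusive": True,
                    "to_version": "5.8.3", "to_inclusive": False}

def render_constraints(rng):
    """Map each bound to an operator that honours its *_inclusive flag."""
    out = []
    lo, hi = rng.get("from_version"), rng.get("to_version")
    if lo not in UNBOUNDED:
        out.append((">= " if rng.get("from_inclusive") else "> ") + lo)
    if hi not in UNBOUNDED:
        out.append(("<= " if rng.get("to_inclusive") else "< ") + hi)
    return out

def render_dsl(variable, rng):
    """Return the DSL expression, or None when there is nothing to compare."""
    constraints = render_constraints(rng)
    if not constraints:
        return None
    return "compare_versions(%s, %s)" % (
        variable, ", ".join("'%s'" % c for c in constraints))

def version_key(version):
    """Numeric dotted versions only (assumption); pads so 5.8 == 5.8.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def in_range(version, rng):
    """Reference check used to confirm the rendered operators are right."""
    v = version_key(version)
    lo, hi = rng.get("from_version"), rng.get("to_version")
    if lo not in UNBOUNDED:
        k = version_key(lo)
        if v < k or (v == k and not rng.get("from_inclusive")):
            return False
    if hi not in UNBOUNDED:
        k = version_key(hi)
        if v > k or (v == k and not rng.get("to_inclusive")):
            return False
    return True

if __name__ == "__main__":
    print(render_dsl("version_by_generator", RANGE_FROM_ISSUE))
```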

Broken Templates

In Nuclei 2.9.6

I keep seeing stuff like:

[WRN] [CVE-2022-1329] Malformed constraint: [*
[WRN] [contact-form-7-dynamic-text-extension-d41d8cd98f00b204e9800998ecf8427e] Malformed constraint: [*
[WRN] [woocommerce-bcfd92127d866e6d2528fdd01d6e754f] Malformed constraint: [*
[WRN] [wordpress-seo-5b316ec034c3e89248a94177aa62ceaf] Malformed constraint: [*
[WRN] [cluster-a81cdb72a13f1ab41d1857f48142d7c439d2c3a7211904a309a5a3b8081139f9] Malformed constraint: [*
[WRN] [cluster-a81cdb72a13f1ab41d1857f48142d7c439d2c3a7211904a309a5a3b8081139f9] Malformed constraint: [*
[WRN] [CVE-2022-25617] Malformed constraint: [*
[WRN] [CVE-2021-25008] Malformed constraint: [*

I suspect some of the templates could be broken or need regenerating.

Use The API instead of Scraping?

Not sure if you are aware, but Wordfence does provide an API for the Vulnerability Data Feed. It's free and would be much easier to maintain the tool. The API is versioned and well documented to avoid causing breaking changes if the version is updated or the viewable page formats change. https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/

Full disclosure: I work for Wordfence. This came to our attention and would be a perfect use case for the API.

a lot of templates are broken

for example

nuclei -t wordpress/nuclei-wordfence-cve/nuclei-templates/cve-less/unknown/zoner-d41d8cd98f00b204e9800998ecf8427e.yaml  -validate


                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.8

                projectdiscovery.io

[ERR] Error occurred loading template wordpress/nuclei-wordfence-cve/nuclei-templates/cve-less/unknown/zoner-d41d8cd98f00b204e9800998ecf8427e.yaml: Could not load template wordpress/nuclei-wordfence-cve/nuclei-templates/cve-less/unknown/zoner-d41d8cd98f00b204e9800998ecf8427e.yaml: yaml: line 6: did not find expected key
[FTL] Could not validate templates: errors occured during template validation

https://github.com/topscoder/nuclei-wordfence-cve/blob/main/nuclei-templates/cve-less/unknown/zoner-d41d8cd98f00b204e9800998ecf8427e.yaml

the description should be

  description:  The "Zoner - Real Estate WordPress Theme" theme for WordPress is vulnerable to Cross-Site Scripting via the 'Address' field in versions before 4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.

not

  description: "The "Zoner - Real Estate WordPress Theme" theme for WordPress is vulnerable to Cross-Site Scripting via the 'Address' field in versions before 4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser."

fusion-builder

Hey,

Just to say fusion-builder CVE's there are 5 templates that need fixing as they do not conform to the normal wp standard readme.

No version number can be found as far as I know, but the readme will look like:

=== Avada Builder ===
Requires at least: 4.5
Requires PHP: 5.6

and that's it.

I found it's easier to check the main wordpress page and use the following.


    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        internal: true
        regex:
          - 'awb-off-canvas\.js\?ver=((\d+\.?)+)\b'

      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'awb-off-canvas\.js\?ver=((\d+\.?)+)\b'

tags

Hey,

Absolutely love the work here. Is there a way it can automatically add to the tags if it's XSS/LFI/RCE/auth-bypass etc.?

Cheers,
Robbie

CVE-2020-6009 - Incorrect Path

Hey,

It looks like there is no readme.txt with this plugin. The only way seems to be to check the CSS/JS files being loaded on the main page.

I've changed the template to do the following and confirmed this works:

http:
  - method: GET
    redirects: true
    max-redirects: 3
    path:
      - "{{BaseURL}}/"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "sfwd-lms"
        part: body

      - type: dsl
        dsl:
          - compare_versions(version, '<= 3.1.5')

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        internal: true
        regex:
          - '(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)'

      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '(?mi)learndash_quiz_front.min.css\?ver=([0-9]+\.[0-9]+\.[0-9]+)'
