Plugin: Exploit Scan
core file modifications, file integrity check, core files tampered, verify checksum
So, I've only just found out that I can also type:
wp core verify-checksums
but this works just as well:
wp plugin verify-checksums --all --debug=false
Health Check & Troubleshooting, among other things, also has the official core-files hash integrity check, and that is what matters most to me.
Check that WordPress files have not been tampered with: the File Integrity check compares all the core files with the checksums provided by the WordPress API to see if they are intact.
When in troubleshooting mode, all plugins are disabled and the default theme is activated. This is only for you and does not affect other site visitors. Excellent option: "Troubleshooting" gives you all plugins disabled and a default theme, but only for you and only for that session, until you log out.
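To make concrete what `wp core verify-checksums` and the Health Check integrity check actually do, here is an added example written for these notes; it is not code from wp-cli, Health Check or any plugin mentioned on this page. The manifest shape (relative path mapped to an MD5 hex digest) follows what the WordPress checksums API at api.wordpress.org/core/checksums/1.0/ returns; the fake install, its file names and the three tamperings are constructed inline so the script runs offline. It also reports files found inside wp-admin/ or wp-includes/ that the manifest never lists, since a checksum check that only walks the manifest would miss a dropped-in file.

```python
"""Added example (not wp-cli's, Health Check's or any plugin's code): a minimal
core-file integrity check in the spirit of `wp core verify-checksums`.

Manifest shape follows the WordPress checksums API
(https://api.wordpress.org/core/checksums/1.0/?version=X&locale=en_US),
which returns {"checksums": {relative_path: md5hex}}. Here the manifest and
the fake install are constructed inline so the script runs offline."""
import hashlib
import tempfile
from pathlib import Path

# Directories where a file that is NOT in the manifest is itself suspicious.
# wp-content/ is deliberately absent: the API does not cover it, so a dropper
# there is invisible to a checksum check and needs a pattern scan instead.
CORE_DIRS = ("wp-admin", "wp-includes")


def md5_of(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_core(root: Path, checksums: dict) -> dict:
    """Return {"modified": [...], "missing": [...], "unexpected": [...]}.
    modified/missing come from walking the manifest; unexpected are files
    found under CORE_DIRS that the manifest never lists."""
    modified, missing, unexpected = [], [], []
    for rel, expected in checksums.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif md5_of(p) != expected.lower():
            modified.append(rel)
    for d in CORE_DIRS:
        if not (root / d).is_dir():
            continue
        for p in (root / d).rglob("*"):
            rel = p.relative_to(root).as_posix()
            if p.is_file() and rel not in checksums:
                unexpected.append(rel)
    return {"modified": sorted(modified), "missing": sorted(missing),
            "unexpected": sorted(unexpected)}


def demo() -> dict:
    """Constructed fixture: a tiny fake install, manifest taken while clean,
    then a backdoor appended, a core file deleted and a dropper added."""
    root = Path(tempfile.mkdtemp())
    files = {  # made-up file names, only the layout mimics a real install
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = '6.5';\n",
        "wp-admin/admin.php": b"<?php require_once __DIR__ . '/../wp-load.php';\n",
        "wp-admin/includes/file.php": b"<?php function wp_tempnam() {}\n",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    manifest = {rel: md5_of(root / rel) for rel in files}  # stands in for the API response
    clean = verify_core(root, manifest)

    with (root / "wp-includes/version.php").open("ab") as f:  # 1. backdoor appended
        f.write(b"eval(base64_decode($_POST['x']));\n")
    (root / "wp-admin/includes/file.php").unlink()             # 2. core file removed
    (root / "wp-includes/class-wp-cache.php").write_bytes(     # 3. dropper added
        b"<?php @system($_GET['c']);\n")
    return {"clean": clean, "tampered": verify_core(root, manifest)}


if __name__ == "__main__":
    for kind, paths in demo()["tampered"].items():
        for p in paths:
            print(f"{kind:10s} {p}")
```

Against a real install you would fetch the manifest for the exact version and locale from the API, then call `verify_core(Path("/var/www/html"), manifest)`; anything under wp-content/ still has to be covered by a separate scan.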
Less important things, but still useful: Check that emails can be sent, as the Mail Check will invoke the wp_mail() function and check if it succeeds.
System Dashboard provides a centralized dashboard to monitor server components, at repo qriouslad/system-dashboard. Notable modules are "Logs > Email Delivery" as an email log, "Logs > PHP Errors", which is essentially a debug.log viewer, a module with folder sizes, etc. The plugin is not trivial at all.
Local malware and exploit scan
I need a plugin that scans files for suspicious patterns (base64_decode, eval, uudecode, etc.) and the database for posts and comments with suspicious text (iframe, noscript, etc.).
I am testing these plugins on a real infected site where there was a WSO Web Shell script in the file cache.php, seeded inside the uploads folder.
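Here is an added example, written for these notes and not taken from Exploit Scanner, php-malware-finder or any plugin listed here, that does the three things the paragraph above asks for: rank PHP files by the suspicious constructs they contain, treat any PHP file under wp-content/uploads as a finding in its own right (which is exactly where the cache.php dropper sat), and grep post and comment text for injected iframe/noscript markup. It also accepts a set of known-good MD5s (core checksums) so untouched files are skipped, which is the only way to keep such a report readable. The sample files, database rows, pattern list and allowlist are all constructed inline.

```python
"""Added example, written for these notes; it is not code from Exploit Scanner,
php-malware-finder or any plugin listed here. Scores PHP files by suspicious
constructs, flags PHP under wp-content/uploads outright, and greps post/comment
text for injected markup. Sample files, rows and the allowlist are constructed."""
from __future__ import annotations
import hashlib
import re
import tempfile
from pathlib import Path

# (name, regex, weight). Many of these appear in legitimate code (core itself
# calls base64_decode), so files are scored, not flagged on a single hit.
FILE_PATTERNS = [
    ("eval", r"\beval\s*\(", 3),
    ("base64_decode", r"\bbase64_decode\s*\(", 2),
    ("decoder", r"\b(gzinflate|gzuncompress|str_rot13|convert_uudecode)\s*\(", 2),
    ("shell", r"\b(system|passthru|shell_exec|popen|proc_open)\s*\(", 3),
    ("preg_replace_e", r"preg_replace\s*\(\s*['\"].*?/[a-z]*e['\"]", 3),  # /e = code exec
    ("request_into_call", r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\)", 2),
    ("hex_escapes", r"(\\x[0-9a-f]{2}){3,}", 1),  # obfuscated function names
]
DB_PATTERNS = [("iframe", r"<iframe\b"), ("noscript", r"<noscript\b"),
               ("script", r"<script\b"), ("hidden_style", r"display\s*:\s*none")]
PHP_EXT = {".php", ".phtml", ".php5", ".php7", ".phar"}
THRESHOLD = 3      # minimum score to report
UPLOADS_BONUS = 5  # uploads/ should never contain executable PHP at all


def score_text(text: str) -> tuple[int, list[str]]:
    score, reasons = 0, []
    for name, pat, weight in FILE_PATTERNS:
        hits = len(re.findall(pat, text, flags=re.IGNORECASE | re.DOTALL))
        if hits:
            score += weight * hits
            reasons.append(name)
    return score, reasons


def scan_tree(root: Path, known_good_md5: set[str] = frozenset()) -> list[dict]:
    """Findings sorted by score, highest first. Files whose MD5 is in the
    allowlist (e.g. core checksums from the WordPress API) are skipped."""
    findings = []
    for p in root.rglob("*"):
        if not p.is_file() or p.suffix.lower() not in PHP_EXT:
            continue
        data = p.read_bytes()
        if hashlib.md5(data).hexdigest() in known_good_md5:
            continue  # unmodified known file: not worth a line in the report
        rel = p.relative_to(root).as_posix()
        score, reasons = score_text(data.decode("utf-8", "replace"))
        if "wp-content/uploads/" in rel:
            score += UPLOADS_BONUS
            reasons.append("php-in-uploads")
        if score >= THRESHOLD:
            findings.append({"path": rel, "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])


def scan_rows(rows) -> list[tuple[int, str]]:
    """rows: (id, text) pairs, e.g. wp_posts.post_content or wp_comments.comment_content."""
    return [(row_id, name) for row_id, text in rows
            for name, pat in DB_PATTERNS if re.search(pat, text, re.IGNORECASE)]


def demo() -> dict:
    root = Path(tempfile.mkdtemp())
    files = {  # constructed fixture, names are made up
        # legitimate-looking core helper: scores 4 on its own, so the allowlist matters
        "wp-includes/class-wp-http.php":
            b"<?php function wp_http_inflate($s) { return gzinflate(base64_decode($s)); }\n",
        # WSO-style loader hidden in uploads, name split to dodge a naive grep
        "wp-content/uploads/2020/cache.php":
            b"<?php $f = 'ba' . 'se64_decode'; eval($f('ZWNobyAnd3NvJzs='));\n",
        # /e backdoor planted in a plugin
        "wp-content/plugins/seo/inc.php":
            b"<?php preg_replace('/.*/e', $_REQUEST['q'], '');\n",
        "wp-content/uploads/2020/photo.jpg": b"\xff\xd8 not php\n",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    known = {hashlib.md5(files["wp-includes/class-wp-http.php"]).hexdigest()}
    rows = [(12, "<p>Hello world</p>"),
            (13, '<p>Buy now</p><iframe src="//evil.example/x" style="display:none"></iframe>'),
            (14, '<noscript><a href="https://spam.example/">pills</a></noscript>')]
    return {"with_allowlist": scan_tree(root, known),
            "without_allowlist": scan_tree(root),
            "rows": scan_rows(rows)}


if __name__ == "__main__":
    for f in demo()["with_allowlist"]:
        print(f"{f['score']:3d} {f['path']} {','.join(f['reasons'])}")
```

The interesting comparison is `with_allowlist` versus `without_allowlist`: the same tree, but the core helper that legitimately calls gzinflate(base64_decode(...)) only shows up in the second, which is the 550-match problem in miniature.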
Exploit Scanner: the author, donncha, works for Automattic, so this plugin is really safe, but it is not up-to-date.
Warning: it needs to have the WordPress core hashes. If it doesn't, when I tested it, it found 550 matches and in that way effectively hid the real threat. Simply too much information and too many false positives, flagging a lot of regular WP files.
How to obtain core hashes if they are nonexistent:
- You must enable allow_url_fopen, or it won't be possible to generate the WordPress core hashes if they are missing.
- Run /wp-content/plugins/exploit-scanner/hashes-generator.php to generate hashes for the latest WordPress, and manually upload the file to the plugin dir.
- You will usually find those hashes already created in the philipjohn/exploit-scanner-hashes repository, but don't forget to look in pull requests that are not merged yet.
Even with valid hashes, it had too many warnings to be useful. It found my malware, along with a dozen others.
- Wemahu is a beautiful idea, but they decided to discontinue it. Didn't find my malware.
- AntiVirus checks only the themes directory. No feedback, and therefore not very usable.
- WP Doctor seems a little amateurish, and it didn't detect my exploit.
Monitor File Changes
monitor file modifications
This one really does it: WordPress File Monitor isn't really updated, but the next one is: Website File Changes Monitor
WordPress: Vulnerability Scanners
vulnerability scanner
WordPress vulnerability scanners / Malware Scanner
- WPScan by the WPScan Team
- Nikto2
- Sucuri SiteCheck
- Gravityscan
- Website Security Check - Unmask Parasites
- Free Tools to Scan Your WordPress Website for Vulnerabilities
- Website Security | Recurring, Affordable, and Usable
Sources:
WPScan and WPScan database
Tool to use as a WordPress vulnerability scanner: wpscanteam/wpscan
How To Use WPScan to Test for Vulnerable Plugins and Themes in Wordpress | DigitalOcean
How To Scan And Check A WordPress Website Security Using WPScan, Nmap, And Nikto
A GPL fork is delvelabs/vane.
Vulnerability database for WPScan: WordPress Plugin Vulnerabilities
Or use preinstalled environment: wpscanteam/docker-wpscan
Test in Docker:
sudo docker run -t -i --name wpscan wpscanteam/wpscan bash
sudo docker start wpscan
sudo docker exec -it wpscan bash
Update wpscan:
ruby wpscan.rb --update
Also, great tutorials: Online Vulnerability Scanners and Port Scans
Something from 2020:
Exploit Scanners?
- Security & Firewall – MalCare Security Malware Scanner
- Security & Malware scan by CleanTalk
- Defender WordPress Security, Malware Detection, and Firewall
- NinjaScanner – Virus & Malware scan
- malCure Malware Scanner & Firewall
- All In One WP Security & Firewall
I wanted to check some PHP code for malware:
I tested this one: jvoisin/php-malware-finder: Detect potentially malicious PHP files, which is actively maintained and decent, and it's also written in Go, so I can easily…
Win exe: PHP Vulnerability Hunter Overview
Win exe: Grabber! Like a Petit Pimouss'
Source: 10 Best PHP Code Security Scanner to Find Vulnerabilities - Geekflare
Maintainn Tools also has a file integrity check to compare the WordPress core files on your website hosting server to the current WordPress files, but the option that attracted me is Plugin Admin Notes: add notes next to each plugin.
What is YARA?
Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs. | by Mark Ernest | Medium
epinna/weevely3: Weaponized web shell