Skip to content
/ vulnrep Public

vulnerability reporting tool powered by vulners.com and wpvulndb.com

License

GPL-3.0 license
12 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ozzi-/vulnrep

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
src
src
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
email.json
email.json
 
 
history.json
history.json
 
 
pom.xml
pom.xml
 
 
readme.MD
readme.MD
 
 
subscriptions.json
subscriptions.json
 
 

Repository files navigation

build status licence open issues

VulnRep - Vulnerability Reporting

This tool will collect all vulnerabilities (from vulners.com and/or wpvulndb.com) for defined keywords generate a HTML report. Additionally, the report will be sent as an email to defined recipients.

screenshot of functionality

Here you can see how the email report will look like: screenshot of report

Setup

API Key

First of all, you will need to get yourself some API Keys.

Vulners

Create a vulners account then navigate to https://vulners.com/userinfo. Unter the tab "API KEYS", select scope "api", license "free" and enter your public IP where vulnrep will be running. Copy the API key and paste it into "subscriptions.json" under "apikeyVulners".

WPVulnDB

Create a WPVulnDB account then navigate to https://wpvulndb.com/users/edit. Copy / Generate the API key and paste it into "subscriptions.json" under "apikeyWPVulnDB".

Configuration

All configuration is done in three JSON files, "subscriptions.json", "history.json" and "email.json". Those JSON files need to be in the same directory as the JAR.

subscriptions

Subscriptions contains your API keys as well all of the wordpress plugins and keywords you are interested in.

{
        "apikeyVulners": "****************",
        "apikeyWPVulnDB": "****************",
        "entries":[
                {
                        "name":"custom_wpvulndb_plugin" ,
                        "plugins":[
							"duplicate-post","polylang","post-types-definitely","regenerate-thumbnails"
						]
                },{
                        "name":"chrome" ,
                        "cvss": 5.0
                },{
                        "name":"firefox" ,
                        "cvss": 5.0
                }
        ]
}

email

This JSON contains all settings related to the e-mail report.

{
        "recipients":[ "[email protected]" ],
        "sender": {
                "address": "[email protected]",
                "host": "smtp.domain.ch",
                "port":25,
                "user":"[email protected]",
                "password":"*****************",
                "subject":"Vulnerability Report <d>",
		"secure":true,
		"trustall":false
        }
}

history

This JSON file will store all reported vulnerabilities

{
  "history": [
  ],
  "deleteAfter": {
    "days": 60
  }
}

Running VulnRep

java -jar VulnerabilityReporting.jar 5d

Where 5d means get me all the vulnerabilities published in the last 5 days of the keywords defined in subscriptions.json, which I have not seen yet. You can use h for hours and m for minutes too. The report HTML file will be saved in the same directory the JAR resides in.

Creating a job

In order to automate this, I use a cron job:

$ env EDITOR=nano crontab -e

# run every sunday morning at 0700
0 7 * * 0  cd /opt/vulnrep; java -jar VulnerabilityReporting.jar

About

vulnerability reporting tool powered by vulners.com and wpvulndb.com

Topics

security scanner reporting report vulnerability wpvulndb vulners

Resources

Readme

License

GPL-3.0 license
Activity

Stars

12 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases 4

1.3 Latest
May 20, 2020
+ 3 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages