Skip to content
/ vulnrep Public

vulnerability reporting tool powered by vulners.com and wpvulndb.com

License

Notifications You must be signed in to change notification settings

ozzi-/vulnrep

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

build status licence open issues

VulnRep - Vulnerability Reporting

This tool will collect all vulnerabilities (from vulners.com and/or wpvulndb.com) for defined keywords generate a HTML report. Additionally, the report will be sent as an email to defined recipients.

screenshot of functionality

Here you can see how the email report will look like: screenshot of report

Setup

API Key

First of all, you will need to get yourself some API Keys.

Vulners

Create a vulners account then navigate to https://vulners.com/userinfo. Unter the tab "API KEYS", select scope "api", license "free" and enter your public IP where vulnrep will be running. Copy the API key and paste it into "subscriptions.json" under "apikeyVulners".

WPVulnDB

Create a WPVulnDB account then navigate to https://wpvulndb.com/users/edit. Copy / Generate the API key and paste it into "subscriptions.json" under "apikeyWPVulnDB".

Configuration

All configuration is done in three JSON files, "subscriptions.json", "history.json" and "email.json". Those JSON files need to be in the same directory as the JAR.

subscriptions

Subscriptions contains your API keys as well all of the wordpress plugins and keywords you are interested in.

{
        "apikeyVulners": "****************",
        "apikeyWPVulnDB": "****************",
        "entries":[
                {
                        "name":"custom_wpvulndb_plugin" ,
                        "plugins":[
							"duplicate-post","polylang","post-types-definitely","regenerate-thumbnails"
						]
                },{
                        "name":"chrome" ,
                        "cvss": 5.0
                },{
                        "name":"firefox" ,
                        "cvss": 5.0
                }
        ]
}

email

This JSON contains all settings related to the e-mail report.

{
        "recipients":[ "recipient@domain.ch" ],
        "sender": {
                "address": "sender@domain.ch",
                "host": "smtp.domain.ch",
                "port":25,
                "user":"sender@domain.ch",
                "password":"*****************",
                "subject":"Vulnerability Report <d>",
		"secure":true,
		"trustall":false
        }
}

history

This JSON file will store all reported vulnerabilities

{
  "history": [
  ],
  "deleteAfter": {
    "days": 60
  }
}

Running VulnRep

java -jar VulnerabilityReporting.jar 5d

Where 5d means get me all the vulnerabilities published in the last 5 days of the keywords defined in subscriptions.json, which I have not seen yet. You can use h for hours and m for minutes too. The report HTML file will be saved in the same directory the JAR resides in.

Creating a job

In order to automate this, I use a cron job:

$ env EDITOR=nano crontab -e

# run every sunday morning at 0700
0 7 * * 0  cd /opt/vulnrep; java -jar VulnerabilityReporting.jar