Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(wp): support csh, no sudo scan #1523

Merged
merged 1 commit into from
Mar 28, 2023
Merged

feat(wp): support csh, no sudo scan #1523

merged 1 commit into from
Mar 28, 2023
+72 −24

Conversation

kurita0
Copy link
Contributor

@kurita0 kurita0 commented Aug 25, 2022
edited by MaineK00n
Loading

What did you implement:

Support for environments where sudo cannot be used or when the shell is csh, so that users of the following rental servers can use WordPress scan.
https://help.sakura.ad.jp/rs/2251/?article_anchor=js-nav-3

Type of change

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

Setup

$ pwd 
/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress
$ vagrant up
$ vagrant ssh-config
Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL
$ ssh -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -p 2222 vagrant@127.0.0.1

When sudo can be used(ServerInfo.User's Shell is ash)

config.toml

[servers.wordpress]
host                = "127.0.0.1"
port               = "2222"
user               = "root"
keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode           = ["fast"]
scanModules = ["wordpress"]

[servers.wordpress.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "vuls"
docRoot     = "/var/www/html"
noSudo      = false

before

$ vuls scan --debug
[Sep  6 13:20:42]  INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
...
[Sep  6 13:20:43]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:20:43]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep  6 13:20:43] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
[Sep  6 13:20:43] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp theme list --path=/var/www/html --format=json --allow-root 2>/dev/null
[Sep  6 13:20:45] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp theme list --path=/var/www/html --format=json --allow-root 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:20:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp plugin list --path=/var/www/html --format=json --allow-root 2>/dev/null
[Sep  6 13:20:45] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp plugin list --path=/var/www/html --format=json --allow-root 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
wordpress	ubuntu20.04	0 installed	6 WordPress pkgs

after

$ vuls scan --debug
[Sep  6 13:21:43]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep  6 13:21:45]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:21:45] DEBUG [wordpress] Executing... printenv SHELL
[Sep  6 13:21:45] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
  exitstatus: 0
  stdout: /bin/bash

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:21:45]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep  6 13:21:45] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
[Sep  6 13:21:45] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp theme list --format=json --path=/var/www/html --allow-root 2>/dev/null
[Sep  6 13:21:46] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp theme list --format=json --path=/var/www/html --allow-root 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:21:46] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp plugin list --format=json --path=/var/www/html --allow-root 2>/dev/null
[Sep  6 13:21:47] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp plugin list --format=json --path=/var/www/html --allow-root 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
wordpress	ubuntu20.04	0 installed	6 WordPress pkgs

When sudo cannot be used(ServerInfo.User == ServerInfo.WordPress.OSUser, ServerInfo.User's Shell is csh)

config.toml

[servers.wordpress]
host                = "127.0.0.1"
port               = "2222"
user               = "vuls"
keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode           = ["fast"]
scanModules = ["wordpress"]

[servers.wordpress.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "vuls"
docRoot     = "/var/www/html"
noSudo      = true

before

$ vuls scan --debug
[Sep  6 13:23:32]  INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
...
[Sep  6 13:23:32]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:23:32]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:23:32] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep  6 13:23:32] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
  exitstatus: 1
  stdout: vuls is not in the sudoers file.  This incident will be reported.

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:23:32] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
    github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
        /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/scanner.go:883
  - Failed to exec `sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"vuls", DocRoot:"/var/www/html", CmdPath:"/usr/local/bin/wp"}:
    github.com/future-architect/vuls/scanner.(*base).scanWordPress
        /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/base.go:793]


Scan Summary
================
wordpress	Error		Use configtest subcommand or scan with --debug to view the details

after

$ vuls scan --debug
[Sep  6 13:24:24]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep  6 13:24:24]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:24:24] DEBUG [wordpress] Executing... printenv SHELL
[Sep  6 13:24:24] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
  exitstatus: 0
  stdout: /usr/bin/csh

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:24:24]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:24:24] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html
[Sep  6 13:24:24] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:24:24] DEBUG [localhost] Executing... ( /usr/local/bin/wp core version --path=/var/www/html > /dev/tty ) >& /dev/null
[Sep  6 13:24:24] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp core version --path=/var/www/html > /dev/tty ) >& /dev/null
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:24:24] DEBUG [localhost] Executing... ( /usr/local/bin/wp theme list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
[Sep  6 13:24:26] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp theme list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:24:26] DEBUG [localhost] Executing... ( /usr/local/bin/wp plugin list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
[Sep  6 13:24:26] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp plugin list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
wordpress	ubuntu20.04	0 installed	6 WordPress pkgs

after(ServerInfo.User's Shell is bash)

config.toml

[servers.wordpress]
host                = "127.0.0.1"
port               = "2222"
user               = "vagrant"
keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode           = ["fast"]
scanModules = ["wordpress"]

[servers.wordpress.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "vagrant"
docRoot     = "/var/www/html"
noSudo      = true
$ vuls scan --debug
[Sep  6 13:27:53]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep  6 13:27:56]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:27:56] DEBUG [wordpress] Executing... printenv SHELL
[Sep  6 13:27:56] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
  exitstatus: 0
  stdout: /bin/bash

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:27:56]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html
[Sep  6 13:27:56] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html 2>/dev/null
[Sep  6 13:27:56] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html 2>/dev/null
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp theme list --format=json --path=/var/www/html 2>/dev/null
[Sep  6 13:27:58] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp theme list --format=json --path=/var/www/html 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:27:58] DEBUG [localhost] Executing... /usr/local/bin/wp plugin list --format=json --path=/var/www/html 2>/dev/null
[Sep  6 13:27:58] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp plugin list --format=json --path=/var/www/html 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
wordpress	ubuntu20.04	0 installed	6 WordPress pkgs

When sudo cannot be used(ServerInfo.User != ServerInfo.WordPress.OSUser, ServerInfo.User's Shell is bash)

setup only for this case

$ ssh -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -p 2222 root@127.0.0.1 apt-get purge -y sudo

config.toml

[servers.wordpress]
host                = "127.0.0.1"
port               = "2222"
user               = "root"
keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode           = ["fast"]
scanModules = ["wordpress"]

[servers.wordpress.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "vagrant"
docRoot     = "/var/www/html"
noSudo      = true

before

$ vuls scan --debug
[Sep  6 13:35:08]  INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
...
[Sep  6 13:35:10]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:35:10]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:35:10] DEBUG [localhost] Executing... sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep  6 13:35:10] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
  exitstatus: 127
  stdout: bash: sudo: command not found

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:35:10] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
    github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
        /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/scanner.go:883
  - Failed to exec `sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"vagrant", DocRoot:"/var/www/html", CmdPath:"/usr/local/bin/wp"}:
    github.com/future-architect/vuls/scanner.(*base).scanWordPress
        /home/mainek00n/go/src/github.com/future-architect/vuls/scanner/base.go:793]


Scan Summary
================
wordpress	Error		Use configtest subcommand or scan with --debug to view the details

after

$ vuls scan --debug
[Sep  6 13:37:33]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep  6 13:37:35]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:37:35] DEBUG [wordpress] Executing... printenv SHELL
[Sep  6 13:37:35] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
  exitstatus: 0
  stdout: /bin/bash

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:37:35]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:37:35] DEBUG [wordpress] Executing... timeout 2 su vagrant -c exit
[Sep  6 13:37:35] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; timeout 2 su vagrant -c exit
  exitstatus: 0
  stdout: 
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html'
[Sep  6 13:37:35] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html'
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html' 2>/dev/null
[Sep  6 13:37:35] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html' 2>/dev/null
  exitstatus: 0
  stdout: 6.0.2

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp theme list --format=json --path=/var/www/html' 2>/dev/null
[Sep  6 13:37:37] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp theme list --format=json --path=/var/www/html' 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:37:37] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp plugin list --format=json --path=/var/www/html' 2>/dev/null
[Sep  6 13:37:37] DEBUG [localhost] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp plugin list --format=json --path=/var/www/html' 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
wordpress	ubuntu20.04	0 installed	6 WordPress pkgs

after(If the Switch User requires a Password)

config.toml

[servers.wordpress]
host                = "127.0.0.1"
port               = "2222"
user               = "vagrant"
keyPath            = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode           = ["fast"]
scanModules = ["wordpress"]

[servers.wordpress.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "vuls"
docRoot     = "/var/www/html"
noSudo      = true
$ vuls scan --debug
[Sep  6 13:38:55]  INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep  6 13:38:57]  INFO [localhost] (1/1) wordpress is running on other
[Sep  6 13:38:57] DEBUG [wordpress] Executing... printenv SHELL
[Sep  6 13:38:57] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
  exitstatus: 0
  stdout: /bin/bash

  stderr: 
  err: %!s(<nil>)
[Sep  6 13:38:57]  INFO [wordpress] Scanning WordPress...
[Sep  6 13:38:57] DEBUG [wordpress] Executing... timeout 2 su vuls -c exit
[Sep  6 13:38:59] DEBUG [wordpress] execResult: servername: wordpress
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; timeout 2 su vuls -c exit
  exitstatus: 124
  stdout: 
  stderr: 
  err: %!s(<nil>)
[Sep  6 13:38:59] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
    github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
        /home/mainek00n/github/github.com/MaineK00n/vuls/scanner/scanner.go:883
  - Failed to switch user without password. err: please configure to switch users without password:
    github.com/future-architect/vuls/scanner.(*base).scanWordPress
        /home/mainek00n/github/github.com/MaineK00n/vuls/scanner/base.go:829]


Scan Summary
================
wordpress	Error		Use configtest subcommand or scan with --debug to view the details

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

Sorry, something went wrong.

@kurita0
Copy link
Contributor Author

kurita0 commented Aug 25, 2022

csh対応 (XXX >/dev/tty) >& /dev/null で問題なかったので修正しました。

@kurita0
Copy link
Contributor Author

kurita0 commented Aug 26, 2022
edited
Loading

(XXX >/dev/tty) >& /dev/null はユーザのシェルが /bin/sh の場合に Syntax error: Bad fd number のエラーになるので revert しました。根本的な対処は csh の場合に処理を分岐させる必要あり。

@MaineK00n
Copy link
Collaborator

Thanks, @kurita0

It seems that unnecessary commits are mixed in.
Can you rebase it or something so that only the necessary commits are included?

@kurita0 kurita0 force-pushed the support-wpscan-sakura branch 2 times, most recently from e105bd5 to 906bd46 Compare August 26, 2022 09:52
@kurita0
Copy link
Contributor Author

kurita0 commented Aug 26, 2022

rebase done.

@MaineK00n
Copy link
Collaborator

Please share your commands, config.toml, WordPress environment setup, before/after behavior, etc. to validate your PR.

@kurita0
Copy link
Contributor Author

kurita0 commented Aug 28, 2022

commnads

/var/db/vuls/go/bin/vuls scan --debug -config=/usr/local/etc/vuls/config.toml \
  -results-dir=/var/db/vuls/results foo

config.toml

...
[servers.foo]
host        = "foo.sakura.ne.jp"
port        = "22"
user        = "foo"
keyPath     = "/var/db/vuls/.ssh/id_rsa"
scanModules = ["wordpress"]

[servers.foo.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "foo"
docRoot     = "/home/foo/www/foo.jp"
...

before

...
[Aug 28 12:55:54]  INFO [foo] Scanning WordPress...
[Aug 28 12:55:54] DEBUG [localhost] Executing... sudo -u foo -i -- /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
[Aug 28 12:55:54] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m foo@foo.sakura.ne.jp -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; sudo -u foo -i -- /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
  exitstatus: 126
  stdout: bash: line 1: /usr/local/bin/sudo: Permission denied

  stderr: 
  err: %!s(<nil>)
[Aug 28 12:55:54] ERROR [localhost] Error on foo, err: [Failed to scan WordPress:
    github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
        /var/db/vuls/go/src/github.com/future-architect/vuls/scanner/serverapi.go:664
  - Failed to exec `sudo -u foo -i -- /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"foo", DocRoot:"/home/foo/www/foo.jp", CmdPath:"/usr/local/bin/wp"}:
    github.com/future-architect/vuls/scanner.(*base).scanWordPress
        /var/db/vuls/go/src/github.com/future-architect/vuls/scanner/base.go:715
...

Sakura server does not allow users to sudo.

after

...
[Aug 28 12:54:21]  INFO [foo] Scanning WordPress...
[Aug 28 12:54:21] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
[Aug 28 12:54:21] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
  exitstatus: 0
  stdout: 6.0.1

  stderr: 
  err: %!s(<nil>)
[Aug 28 12:54:21] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
[Aug 28 12:54:21] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
  exitstatus: 0
  stdout: 6.0.1

  stderr: 
  err: %!s(<nil>)
[Aug 28 12:54:21] DEBUG [localhost] Executing... /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
[Aug 28 12:54:25] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Aug 28 12:54:25] DEBUG [localhost] Executing... /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
[Aug 28 12:54:26] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"all-in-one-wp-security-and-firewall","status":"active","update":"none","version":"4.4.12"},{"name":"autoptimize","status":"inactive","update":"none","version":"3.1.1.1"},{"name":"classic-editor","status":"inactive","update":"none","version":"1.6.2"},{"name":"disable-google-fonts","status":"inactive","update":"none","version":"2.0"},{"name":"disable-json-api","status":"active","update":"none","version":"1.7"},{"name":"imagemagick-engine","status":"active","update":"none","version":"1.7.4"},{"name":"protect-uploads","status":"inactive","update":"none","version":"0.4"},{"name":"ts-webfonts-for-sakura","status":"inactive","update":"none","version":"3.1.0"},{"name":"wp-fastest-cache","status":"active","update":"none","version":"1.0.4"},{"name":"wp-multibyte-patch","status":"active","update":"none","version":"2.9"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
foo	freebsd13.0-RELEASE-p12	0 installed	15 WordPress pkgs

@MaineK00n
Copy link
Collaborator

Omit sudo if ServerInfo.User and ServerInfo.WordPress.OSUser match.

I don't think it's a good idea to base whether or not a scan user name and a WordPress user name are the same to determine whether or not a command requires permissions to execute.
How about being able to set permissions to execute commands?

WPScan works on C shell

Not implement. Change shell to bas

Regarding the csh support, I would be glad if you could work on it.
For now, how about using $ echo $SHELL to determine shell?
How about implementing (%s >/dev/tty) >& /dev/null for csh, or %s 2>/dev/null for sh or bash as a command template?

@kurita0
Copy link
Contributor Author

kurita0 commented Aug 30, 2022

I don't think it's a good idea to base whether or not a scan user name and a WordPress user name are the same to determine whether or not a command requires permissions to execute.
How about being able to set permissions to execute commands?

Add noSudo to wordpress conf.

Regarding the csh support, I would be glad if you could work on it.
For now, how about using $ echo $SHELL to determine shell?
How about implementing (%s >/dev/tty) >& /dev/null for csh, or %s 2>/dev/null for sh or bash as a command template?

Implemented.

config.toml

...
[servers.foo]
host        = "foo.sakura.ne.jp"
port        = "22"
user        = "foo"
keyPath     = "/var/db/vuls/.ssh/id_rsa"
scanModules = ["wordpress"]

[servers.foo.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "foo"
docRoot     = "/home/foo/www/foo.jp"
noSudo      = true
...

after

[Aug 30 21:03:40]  INFO [foo] Scanning WordPress...
[Aug 30 21:03:40] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
[Aug 30 21:03:40] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
  exitstatus: 0
  stdout: 6.0.1

  stderr: 
  err: %!s(<nil>)
[Aug 30 21:03:40] DEBUG [localhost] Executing... ( /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
[Aug 30 21:03:40] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; ( /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
  exitstatus: 0
  stdout: 6.0.1

  stderr: 
  err: %!s(<nil>)
[Aug 30 21:03:40] DEBUG [localhost] Executing... ( /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
[Aug 30 21:03:43] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; ( /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
  exitstatus: 0
  stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
  stderr: 
  err: %!s(<nil>)
[Aug 30 21:03:43] DEBUG [localhost] Executing... ( /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
[Aug 30 21:03:45] DEBUG [localhost] execResult: servername: foo
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; ( /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
  exitstatus: 0
  stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"all-in-one-wp-security-and-firewall","status":"active","update":"none","version":"4.4.12"},{"name":"autoptimize","status":"inactive","update":"none","version":"3.1.1.1"},{"name":"classic-editor","status":"inactive","update":"none","version":"1.6.2"},{"name":"disable-google-fonts","status":"inactive","update":"none","version":"2.0"},{"name":"disable-json-api","status":"active","update":"none","version":"1.7"},{"name":"imagemagick-engine","status":"active","update":"none","version":"1.7.4"},{"name":"protect-uploads","status":"inactive","update":"none","version":"0.4"},{"name":"ts-webfonts-for-sakura","status":"inactive","update":"none","version":"3.1.0"},{"name":"wp-fastest-cache","status":"active","update":"none","version":"1.0.4"},{"name":"wp-multibyte-patch","status":"active","update":"none","version":"2.9"}]
  stderr: 
  err: %!s(<nil>)


Scan Summary
================
foo	freebsd13.0-RELEASE-p12	0 installed	15 WordPress pkgs

MaineK00n
MaineK00n reviewed Aug 30, 2022
View reviewed changes
MaineK00n
MaineK00n reviewed Aug 30, 2022
View reviewed changes
@MaineK00n
Copy link
Collaborator

Are you going to write a document about NoSudo and its operational case?
https://github.com/vulsdoc/vuls/blob/master/docs/usage-scan-wordpress.md

@MaineK00n MaineK00n force-pushed the support-wpscan-sakura branch from 118940d to bbbbbee Compare September 1, 2022 09:36
@MaineK00n MaineK00n changed the title Support WPScan on Sakura Rental Server feat(wp): support csh, no sudo scan Sep 1, 2022
@MaineK00n MaineK00n marked this pull request as draft September 1, 2022 12:59
@MaineK00n MaineK00n marked this pull request as ready for review September 6, 2022 04:46
MaineK00n
MaineK00n approved these changes Sep 6, 2022
View reviewed changes
Copy link
Collaborator

@MaineK00n MaineK00n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MaineK00n MaineK00n force-pushed the support-wpscan-sakura branch from bbbbbee to c380c10 Compare September 6, 2022 04:51
@MaineK00n MaineK00n mentioned this pull request Sep 6, 2022
Merged
@kurita0 @MaineK00n
feat(wp): support csh, no sudo scan
100c940 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
@MaineK00n MaineK00n force-pushed the support-wpscan-sakura branch from c380c10 to 100c940 Compare March 28, 2023 11:59
@MaineK00n MaineK00n merged commit e506125 into future-architect:master Mar 28, 2023
@MaineK00n MaineK00n mentioned this pull request Feb 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaineK00n MaineK00n

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kurita0 @MaineK00n