hartl3y94 / comission

This project forked from intrinsec/comission

WhiteBox CMS analysis

License: GNU General Public License v3.0

Python 99.17% Dockerfile 0.56% Shell 0.27%
comission's Introduction

CoMisSion - WhiteBox CMS analysis

CoMisSion is a tool to quickly analyze a CMS setup. The tool:

  • checks the core version;
  • checks for modifications made to the core (additions, alterations, deletions) against a fresh archive downloaded from the CMS official website;
  • looks up the latest core version;
  • looks up vulnerabilities for the core version in use (WordPress only);
  • checks plugin and theme versions;
  • checks for modifications made to each plugin and each theme (additions, alterations, deletions) against a fresh archive downloaded from the CMS official website;
  • looks up vulnerabilities for the plugin and theme versions in use.

🔥 Attention: CoMisSion does not look for vulnerabilities by analysing the source code. Vulnerabilities are gathered from public databases such as wpvulndb. Finding new vulnerabilities is not the purpose of this tool.
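The core/plugin modification check above boils down to hashing every file in the deployed tree and comparing it with a pristine copy of the same release. The following is an added example of that classification (additions, alterations, deletions), not CoMisSion's own code; the directory layout, file contents and the `compare_trees` / `build_sample` names are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large CMS assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _index(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in root.rglob("*") if p.is_file()}


def compare_trees(reference: Path, target: Path) -> dict:
    """Classify files of a deployed tree against a pristine reference archive."""
    ref, tgt = _index(reference), _index(target)
    return {
        "added": sorted(set(tgt) - set(ref)),          # present only in deployment
        "deleted": sorted(set(ref) - set(tgt)),        # missing from deployment
        "altered": sorted(p for p in ref.keys() & tgt.keys() if ref[p] != tgt[p]),
    }


def build_sample() -> tuple:
    """Constructed sample: a fake pristine core and a deployed copy showing drift."""
    base = Path(tempfile.mkdtemp(prefix="comission-demo-"))
    ref, tgt = base / "reference", base / "deployed"
    for root in (ref, tgt):
        (root / "wp-includes").mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (root / "wp-includes" / "version.php").write_text("<?php $wp_version = '5.5';\n")
    (ref / "wp-includes" / "functions.php").write_text("<?php function demo() {}\n")
    # Deployed copy: functions.php is gone, index.php was edited, one unknown file appeared.
    (tgt / "index.php").write_text("<?php require 'wp-blog-header.php'; // local edit\n")
    (tgt / "wp-includes" / "extra.php").write_text("<?php // not part of the release\n")
    return ref, tgt


if __name__ == "__main__":
    for kind, files in compare_trees(*build_sample()).items():
        print(f"{kind}: {files}")
```

In a real run the reference tree would be the official release archive for the version detected in version.php; unexpected "added" files under the core directories are the first thing to review after such a diff.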

A complete report can be generated in the following formats:

  • XLSX
  • CSV
  • JSON (to allow the tool to be used in a CI process)

The tool has been tested on Linux and Windows. To avoid output pollution, I recommend setting the --no-color option on Windows.

Example

./comission.py -c wordpress -d /cms_dir -o report.xlsx -t XLSX

Installation

The tool needs at least Python 3.6.

git clone https://github.com/Intrinsec/comission
pip install -r requirements.txt

Usage

usage: comission.py [-h] -d DIR -c CMS [-o FILE] [-t TYPE] [--skip-core]
                    [--skip-plugins] [--skip-themes] [--no-color] [-f CONF]
                    [--log LOGFILE] [--wp-content WP_CONTENT]
                    [--plugins-dir PLUGINS_DIR] [--themes-dir THEMES_DIR]
                    [--major VERSION_MAJOR] [-v VERSION]
                    [--wpvulndb-token WPVULNDB_TOKEN] [--debug]

CoMisSion analyse a CMS and plugins used.

optional arguments:
  -h, --help            show this help message and exit
  -d DIR, --dir DIR     CMS root directory
  -c CMS, --cms CMS     CMS type (drupal, wordpress)
  -o FILE, --output FILE
                        Path to output file
  -t TYPE, --type TYPE  Type of output (CSV, XLSX, JSON, STDOUT). Default to
                        XLSX.
  --skip-core           Set this to skip core analysis
  --skip-plugins        Set this to skip plugins analysis
  --skip-themes         Set this to skip themes analysis
  --no-color            Do not use colors in the output.
  -f CONF, --file CONF  Configuration file. See example.conf.
  --log LOGFILE         Log output in given file.
  --wp-content WP_CONTENT
                        Set this to force the wp-content directory location.
  --plugins-dir PLUGINS_DIR
                        Set this to force the plugins directory location.
  --themes-dir THEMES_DIR
                        Set this to force the themes directory location.
  --major VERSION_MAJOR
                        Specify the core major version (eg. 7, 8) when using
                        --skip-core arg. Works only for Drupal.
  -v VERSION, --version VERSION
                        Specify the core full version (eg. 5.5).
  --wpvulndb-token WPVULNDB_TOKEN
                        Set a token to request wpvulndb API.
  --debug               Print debug message to help identify errors.

🔥 In order to get vulnerabilities for WordPress, you have to set the --wpvulndb-token arg. You can get a token with an account on wpvulndb.

You can provide a configuration file. See example.conf for reference.

CMS supported

  • Wordpress
  • Drupal (no vulnerability checks)

Docker

We are not publishing any official image yet. To use the tool with Docker, you can build an image yourself. In the project folder, build with:

docker build -t isec/comission .

Then run it with:

docker run -it --rm -v /TARGET_PATH/:/cms_path/ -v /OUTPUT_DIR/:/output/ isec/comission -d /cms_path/ -c drupal -o /output/test_docker.xlsx -t XLSX

Be careful to change the paths "TARGET_PATH" and "OUTPUT_DIR" to match your folders.

Tests

Unit tests are available in the tests folder. Before launching the tests, you should create a test-data-set directory containing drupal and wordpress subdirectories, and a test.conf file containing at least a wpvulndb_token value.

Author

Paul Mars (Intrinsec)

Based on an idea of Etienne Boursier (Intrinsec)

Copyright - License - WPVULNDB

This tool is distributed under the GPLv3 license. Be careful, though: the tool uses the wpvulndb API to gather information on WordPress core and plugins.

comission's People

Contributors

eboisec, upils
