Added wp-sec and wpscan

PDowney · PDowney · commit e7933584b6da · 2022-05-15T20:46:42.000-04:00
diff --git a/scripts/functions/security/wp-sec.sh b/scripts/functions/security/wp-sec.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+#----------------------------------------------------------------------------
+# EngineScript - High-Performance WordPress LEMP Server
+#----------------------------------------------------------------------------
+# Website:      https://EngineScript.com
+# GitHub:       https://github.com/Enginescript/EngineScript
+# Company:      VisiStruct / EngineScript
+# License:      GPL v3.0
+# OS:           Ubuntu 22.04 (jammy)
+#----------------------------------------------------------------------------
+
+# EngineScript Variables
+source /usr/local/bin/enginescript/enginescript-variables.txt
+source /home/EngineScript/enginescript-install-options.txt
+
+# Check current user's ID. If user is not 0 (root), exit.
+if [ "${EUID}" != 0 ];
+  then
+    echo "${BOLD}ALERT:${NORMAL}"
+    echo "EngineScript should be executed as the root user."
+    exit
+fi
+
+#----------------------------------------------------------------------------
+# Start Main Script
+
+cd /var/www/sites
+printf "Please select the site you want to scan for vulnerabilities:\n"
+select d in */; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+cd "$d"html && echo "WP-Sec Vulnerability Scan"
+wp wp-sec check --allow-root --type=all --output=user --api=v3 --cached --token=${WPSCANAPI}
+
+# Ask user to acknowledge that the scan has completed before moving on
+echo ""
+echo ""
+read -n 1 -s -r -p "Press any key to continue"
+echo ""
+echo ""
diff --git a/scripts/functions/security/wpscan.sh b/scripts/functions/security/wpscan.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+#----------------------------------------------------------------------------
+# EngineScript - High-Performance WordPress LEMP Server
+#----------------------------------------------------------------------------
+# Website:      https://EngineScript.com
+# GitHub:       https://github.com/Enginescript/EngineScript
+# Company:      VisiStruct / EngineScript
+# License:      GPL v3.0
+# OS:           Ubuntu 22.04 (jammy)
+#----------------------------------------------------------------------------
+
+# EngineScript Variables
+source /usr/local/bin/enginescript/enginescript-variables.txt
+source /home/EngineScript/enginescript-install-options.txt
+
+# Check current user's ID. If user is not 0 (root), exit.
+if [ "${EUID}" != 0 ];
+  then
+    echo "${BOLD}ALERT:${NORMAL}"
+    echo "EngineScript should be executed as the root user."
+    exit
+fi
+
+#----------------------------------------------------------------------------
+# Start Main Script
+
+cd /var/www/sites
+printf "Please select the site you want to scan for vulnerabilities:\n"
+select d in */; do test -n "$d" && break; echo ">>> Invalid Selection"; done
+echo "WPScan"
+wpscan --url $d -e vp --api-token ${WPSCANAPI}
+
+# Ask user to acknowledge that the scan has completed before moving on
+echo ""
+echo ""
+read -n 1 -s -r -p "Press any key to continue"
+echo ""
+echo ""
diff --git a/scripts/install/tools/wordpress/wpscan.sh b/scripts/install/tools/wordpress/wpscan.sh
@@ -33,9 +33,6 @@ echo "============================================================"
 echo ""
 echo "${BOLD}WPScan installed.${NORMAL}"
 echo ""
-echo "To run a scan of your site:"
-echo "wpscan --url https://yourdomain.com --enumerate"
-echo ""
 echo "============================================================="
 echo ""
 echo ""
diff --git a/scripts/menu/security-tools-menu.sh b/scripts/menu/security-tools-menu.sh
@@ -32,18 +32,26 @@ while true
     echo ""
     echo ""
     PS3='Please enter your choice: '
-    secoptions=("WP-CLI Vulnerability Scanner (site scanner)" "PHP Malware Finder (site scanner)" "Linux Malware Detect (server scanner)" "Clam Antivirus (server scanner)" "Exit Security Tools")
+    secoptions=("WP-CLI Vulnerability Scanner (site scanner)" "PHP Malware Finder (site scanner)" "WP-Sec Vulnerability Scan (site scanner)" "WPScan Vulnerability Scan (site scanner)" "Linux Malware Detect (server scanner)" "Clam Antivirus (server scanner)" "Exit Security Tools")
     select secopt in "${secoptions[@]}"
     do
       case $secopt in
-        "WP-CLI Vulnerability Scanner (site scanner)")
+        "10up WP-CLI Vulnerability Scanner (site scanner)")
           /usr/local/bin/enginescript/scripts/functions/security/10up-vuln-scanner.sh
           break
           ;;
         "PHP Malware Finder (site scanner)")
           /usr/local/bin/enginescript/scripts/functions/security/php-malware-finder.sh
           break
           ;;
+        "WP-Sec Vulnerability Scan (site scanner)")
+          /usr/local/bin/enginescript/scripts/functions/security/wp-sec.sh
+          break
+          ;;
+        "WPScan Vulnerability Scan (site scanner)")
+          /usr/local/bin/enginescript/scripts/functions/security/wpscan.sh
+          break
+          ;;
         "Linux Malware Detect (server scanner)")
           /usr/local/bin/enginescript/scripts/functions/security/maldet.sh
           break
