A very rough copy of https://github.com/anantshri/wpvulndb_commandline, modified for Wordshell
Uses Wordshell and WPVulnDB. Requires Python 2.7 and the Requests module
Useful for anyone using Wordshell who wants a quick check of vulnerable plugins and themes being used on the site.
usage: wsvulndb.py [-h] --site SITE [--vulnonly] [--coreonly] [--themesonly] [--pluginsonly] [--debug]
This program is used to run a quick wordpress scan via the wpscan API.
optional arguments:
-h, --help show this help message and exit
--path PATH Provide URL
--vulnonly Only list vulnerable items
--coreonly Only check the core version
--themesonly Only check the themes
--pluginsonly Only check the plugins
--sync Sync before checking
--debug Provides extra information
If none of --coreonly, --themesonly or --pluginsonly is specified, everything will be checked.
Credit (C) Anant Shrivastava http://anantshri.info - original script for wpcli
and Mikey Beck - wordshell compatibility modifications
python wsvulndb.py --site wpsite
Syncing & checking core
[+] Wordpress : 442 : No Reported Security Issues
Syncing & checking themes
[+] Theme : Storefront : No Reported Security Issues
[+] Theme : Twentyfifteen : No Reported Security Issues
[+] Theme : Twentyfourteen : No Reported Security Issues
[+] Theme : Twentysixteen : No Reported Security Issues
Syncing & checking plugins
[+] Plugin : Akismet : No Reported Security Issues
[+] Plugin : Clean-up-notifications : No Reported Security Issues
[+] Plugin : Debug-bar : No Reported Security Issues
[+] Plugin : Hello : No Reported Security Issues
[+] Plugin : Nginx-helper : No Reported Security Issues
[-] Plugin : Simple-ads-manager : 2.9.4.116 : is Vulnerable to Simple Ads Manager <= 2.9.4.116 - SQL Injection Fixed in Version 2.9.5.118
[+] Plugin : Woocommerce : No Reported Security Issues
[+] Plugin : Wordpress-seo-premium : No Reported Security Issues
[+] Plugin : Wpseo-woocommerce : No Reported Security Issues
python wsvulndb.py --site wpsite --themesonly --debug
Syncing & checking themes
wpsite storefront 1.6.1 Storefront
wpsite twentyfifteen (i) 1.4 Twenty Fifteen
wpsite twentyfourteen (i) 1.6 Twenty Fourteen
wpsite twentysixteen (i) 1.1 Twenty Sixteen
wpsite storefront 1.6.1 Storefront
['\x1b[1mwpsite', '\x1b(B\x1b[m', 'storefront', '\x1b[1m1.6.1', '\x1b(B\x1b[m', 'Storefront']
storefront
1.6.1
storefront 1.6.1
https://wpvulndb.com/api/v1/themes/storefront
(404)
[+] Theme : Storefront : No Reported Security Issues
wpsite twentyfifteen 1.4 Twenty Fifteen
['\x1b[1mwpsite', '\x1b(B\x1b[m', 'twentyfifteen', '\x1b[1m1.4', '\x1b(B\x1b[m', 'Twenty', 'Fifteen']
twentyfifteen
1.4
twentyfifteen 1.4
https://wpvulndb.com/api/v1/themes/twentyfifteen
[+] Theme : Twentyfifteen : No Reported Security Issues
wpsite twentyfourteen 1.6 Twenty Fourteen
['\x1b[1mwpsite', '\x1b(B\x1b[m', 'twentyfourteen', '\x1b[1m1.6', '\x1b(B\x1b[m', 'Twenty', 'Fourteen']
twentyfourteen
1.6
twentyfourteen 1.6
https://wpvulndb.com/api/v1/themes/twentyfourteen
(404)
[+] Theme : Twentyfourteen : No Reported Security Issues
wpsite twentysixteen 1.1 Twenty Sixteen
['\x1b[1mwpsite', '\x1b(B\x1b[m', 'twentysixteen', '\x1b[1m1.1', '\x1b(B\x1b[m', 'Twenty', 'Sixteen']
twentysixteen
1.1
twentysixteen 1.1
https://wpvulndb.com/api/v1/themes/twentysixteen
(404)
[+] Theme : Twentysixteen : No Reported Security Issues
Wordshell collects the names and version numbers of the core, themes and plugins. This script parses that information, checks it via the WPVulnDB API and reports back.
The progress tracker introduced in the most recent update isn't really accurate but is more there to show that something is happening. However, it has a habit of staying on 1% for a looong time, particularly on sites with many plugins. Sorry about that.
If you get the error 'requests.exceptions.SSLError: hostname 'wpvulndb.com' doesn't match either of '*.sucuri.net', 'sucuri.net'':
Upgrade Python to at least version 2.7.9.
Upgrade commands for third party repo:
sudo add-apt-repository ppa:fkrull/deadsnakes-python2.7
sudo apt-get update
sudo apt-get install python2.7