vuls
vuls copied to clipboard
Published
20 hours ago •
future-architect
future-architect
feat(wp): support csh, no sudo scan
What did you implement:
Support for environments where sudo cannot be used or when the shell is csh, so that users of the following rental servers can use WordPress scan. https://help.sakura.ad.jp/rs/2251/?article_anchor=js-nav-3
Type of change
- [x] New feature (non-breaking change which adds functionality)
- [x] This change requires a documentation update
How Has This Been Tested?
Setup
$ pwd
/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress
$ vagrant up
$ vagrant ssh-config
Host default
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key
IdentitiesOnly yes
LogLevel FATAL
$ ssh -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -p 2222 [email protected]
When sudo can be used(ServerInfo.User's Shell is ash)
config.toml
[servers.wordpress]
host = "127.0.0.1"
port = "2222"
user = "root"
keyPath = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode = ["fast"]
scanModules = ["wordpress"]
[servers.wordpress.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "vuls"
docRoot = "/var/www/html"
noSudo = false
before
$ vuls scan --debug
[Sep 6 13:20:42] INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
...
[Sep 6 13:20:43] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:20:43] INFO [wordpress] Scanning WordPress...
[Sep 6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep 6 13:20:43] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
[Sep 6 13:20:43] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:20:43] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp theme list --path=/var/www/html --format=json --allow-root 2>/dev/null
[Sep 6 13:20:45] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp theme list --path=/var/www/html --format=json --allow-root 2>/dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Sep 6 13:20:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp plugin list --path=/var/www/html --format=json --allow-root 2>/dev/null
[Sep 6 13:20:45] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp plugin list --path=/var/www/html --format=json --allow-root 2>/dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
wordpress ubuntu20.04 0 installed 6 WordPress pkgs
after
$ vuls scan --debug
[Sep 6 13:21:43] INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep 6 13:21:45] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:21:45] DEBUG [wordpress] Executing... printenv SHELL
[Sep 6 13:21:45] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
exitstatus: 0
stdout: /bin/bash
stderr:
err: %!s(<nil>)
[Sep 6 13:21:45] INFO [wordpress] Scanning WordPress...
[Sep 6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep 6 13:21:45] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
[Sep 6 13:21:45] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root 2>/dev/null
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:21:45] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp theme list --format=json --path=/var/www/html --allow-root 2>/dev/null
[Sep 6 13:21:46] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp theme list --format=json --path=/var/www/html --allow-root 2>/dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Sep 6 13:21:46] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp plugin list --format=json --path=/var/www/html --allow-root 2>/dev/null
[Sep 6 13:21:47] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp plugin list --format=json --path=/var/www/html --allow-root 2>/dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
wordpress ubuntu20.04 0 installed 6 WordPress pkgs
When sudo cannot be used(ServerInfo.User == ServerInfo.WordPress.OSUser, ServerInfo.User's Shell is csh)
config.toml
[servers.wordpress]
host = "127.0.0.1"
port = "2222"
user = "vuls"
keyPath = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode = ["fast"]
scanModules = ["wordpress"]
[servers.wordpress.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "vuls"
docRoot = "/var/www/html"
noSudo = true
before
$ vuls scan --debug
[Sep 6 13:23:32] INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
...
[Sep 6 13:23:32] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:23:32] INFO [wordpress] Scanning WordPress...
[Sep 6 13:23:32] DEBUG [localhost] Executing... sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep 6 13:23:32] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
exitstatus: 1
stdout: vuls is not in the sudoers file. This incident will be reported.
stderr:
err: %!s(<nil>)
[Sep 6 13:23:32] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
/home/mainek00n/go/src/github.com/future-architect/vuls/scanner/scanner.go:883
- Failed to exec `sudo -u vuls -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"vuls", DocRoot:"/var/www/html", CmdPath:"/usr/local/bin/wp"}:
github.com/future-architect/vuls/scanner.(*base).scanWordPress
/home/mainek00n/go/src/github.com/future-architect/vuls/scanner/base.go:793]
Scan Summary
================
wordpress Error Use configtest subcommand or scan with --debug to view the details
after
$ vuls scan --debug
[Sep 6 13:24:24] INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep 6 13:24:24] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:24:24] DEBUG [wordpress] Executing... printenv SHELL
[Sep 6 13:24:24] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
exitstatus: 0
stdout: /usr/bin/csh
stderr:
err: %!s(<nil>)
[Sep 6 13:24:24] INFO [wordpress] Scanning WordPress...
[Sep 6 13:24:24] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html
[Sep 6 13:24:24] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:24:24] DEBUG [localhost] Executing... ( /usr/local/bin/wp core version --path=/var/www/html > /dev/tty ) >& /dev/null
[Sep 6 13:24:24] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp core version --path=/var/www/html > /dev/tty ) >& /dev/null
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:24:24] DEBUG [localhost] Executing... ( /usr/local/bin/wp theme list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
[Sep 6 13:24:26] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp theme list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Sep 6 13:24:26] DEBUG [localhost] Executing... ( /usr/local/bin/wp plugin list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
[Sep 6 13:24:26] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vuls -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; ( /usr/local/bin/wp plugin list --format=json --path=/var/www/html > /dev/tty ) >& /dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
wordpress ubuntu20.04 0 installed 6 WordPress pkgs
after(ServerInfo.User's Shell is bash)
config.toml
[servers.wordpress]
host = "127.0.0.1"
port = "2222"
user = "vagrant"
keyPath = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode = ["fast"]
scanModules = ["wordpress"]
[servers.wordpress.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "vagrant"
docRoot = "/var/www/html"
noSudo = true
$ vuls scan --debug
[Sep 6 13:27:53] INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep 6 13:27:56] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:27:56] DEBUG [wordpress] Executing... printenv SHELL
[Sep 6 13:27:56] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
exitstatus: 0
stdout: /bin/bash
stderr:
err: %!s(<nil>)
[Sep 6 13:27:56] INFO [wordpress] Scanning WordPress...
[Sep 6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html
[Sep 6 13:27:56] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/var/www/html 2>/dev/null
[Sep 6 13:27:56] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp core version --path=/var/www/html 2>/dev/null
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:27:56] DEBUG [localhost] Executing... /usr/local/bin/wp theme list --format=json --path=/var/www/html 2>/dev/null
[Sep 6 13:27:58] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp theme list --format=json --path=/var/www/html 2>/dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Sep 6 13:27:58] DEBUG [localhost] Executing... /usr/local/bin/wp plugin list --format=json --path=/var/www/html 2>/dev/null
[Sep 6 13:27:58] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; /usr/local/bin/wp plugin list --format=json --path=/var/www/html 2>/dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
wordpress ubuntu20.04 0 installed 6 WordPress pkgs
When sudo cannot be used(ServerInfo.User != ServerInfo.WordPress.OSUser, ServerInfo.User's Shell is bash)
setup only for this case
$ ssh -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -p 2222 [email protected] apt-get purge -y sudo
config.toml
[servers.wordpress]
host = "127.0.0.1"
port = "2222"
user = "root"
keyPath = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode = ["fast"]
scanModules = ["wordpress"]
[servers.wordpress.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "vagrant"
docRoot = "/var/www/html"
noSudo = true
before
$ vuls scan --debug
[Sep 6 13:35:08] INFO [localhost] vuls-v0.20.0-build-20220808_180441_1e45732
...
[Sep 6 13:35:10] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:35:10] INFO [wordpress] Scanning WordPress...
[Sep 6 13:35:10] DEBUG [localhost] Executing... sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
[Sep 6 13:35:10] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root
exitstatus: 127
stdout: bash: sudo: command not found
stderr:
err: %!s(<nil>)
[Sep 6 13:35:10] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
/home/mainek00n/go/src/github.com/future-architect/vuls/scanner/scanner.go:883
- Failed to exec `sudo -u vagrant -i -- /usr/local/bin/wp core version --path=/var/www/html --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"vagrant", DocRoot:"/var/www/html", CmdPath:"/usr/local/bin/wp"}:
github.com/future-architect/vuls/scanner.(*base).scanWordPress
/home/mainek00n/go/src/github.com/future-architect/vuls/scanner/base.go:793]
Scan Summary
================
wordpress Error Use configtest subcommand or scan with --debug to view the details
after
$ vuls scan --debug
[Sep 6 13:37:33] INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep 6 13:37:35] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:37:35] DEBUG [wordpress] Executing... printenv SHELL
[Sep 6 13:37:35] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
exitstatus: 0
stdout: /bin/bash
stderr:
err: %!s(<nil>)
[Sep 6 13:37:35] INFO [wordpress] Scanning WordPress...
[Sep 6 13:37:35] DEBUG [wordpress] Executing... timeout 2 su vagrant -c exit
[Sep 6 13:37:35] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; timeout 2 su vagrant -c exit
exitstatus: 0
stdout:
stderr:
err: %!s(<nil>)
[Sep 6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html'
[Sep 6 13:37:35] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html'
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html' 2>/dev/null
[Sep 6 13:37:35] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp core version --path=/var/www/html' 2>/dev/null
exitstatus: 0
stdout: 6.0.2
stderr:
err: %!s(<nil>)
[Sep 6 13:37:35] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp theme list --format=json --path=/var/www/html' 2>/dev/null
[Sep 6 13:37:37] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp theme list --format=json --path=/var/www/html' 2>/dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Sep 6 13:37:37] DEBUG [localhost] Executing... su vagrant -c '/usr/local/bin/wp plugin list --format=json --path=/var/www/html' 2>/dev/null
[Sep 6 13:37:37] DEBUG [localhost] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l root -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; su vagrant -c '/usr/local/bin/wp plugin list --format=json --path=/var/www/html' 2>/dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"hello","status":"inactive","update":"none","version":"1.7.2"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
wordpress ubuntu20.04 0 installed 6 WordPress pkgs
after(If the Switch User requires a Password)
config.toml
[servers.wordpress]
host = "127.0.0.1"
port = "2222"
user = "vagrant"
keyPath = "/home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key"
scanMode = ["fast"]
scanModules = ["wordpress"]
[servers.wordpress.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "vuls"
docRoot = "/var/www/html"
noSudo = true
$ vuls scan --debug
[Sep 6 13:38:55] INFO [localhost] vuls-v0.20.2-build-20220906_135127_c380c10
...
[Sep 6 13:38:57] INFO [localhost] (1/1) wordpress is running on other
[Sep 6 13:38:57] DEBUG [wordpress] Executing... printenv SHELL
[Sep 6 13:38:57] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; printenv SHELL
exitstatus: 0
stdout: /bin/bash
stderr:
err: %!s(<nil>)
[Sep 6 13:38:57] INFO [wordpress] Scanning WordPress...
[Sep 6 13:38:57] DEBUG [wordpress] Executing... timeout 2 su vuls -c exit
[Sep 6 13:38:59] DEBUG [wordpress] execResult: servername: wordpress
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-wordpress.%p -o Controlpersist=10m -l vagrant -p 2222 -i /home/mainek00n/github/github.com/MaineK00n/vuls-targets-docker/wordpress/.vagrant/machines/default/virtualbox/private_key -o PasswordAuthentication=no 127.0.0.1 stty cols 1000; timeout 2 su vuls -c exit
exitstatus: 124
stdout:
stderr:
err: %!s(<nil>)
[Sep 6 13:38:59] ERROR [localhost] Error on wordpress, err: [Failed to scan WordPress:
github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
/home/mainek00n/github/github.com/MaineK00n/vuls/scanner/scanner.go:883
- Failed to switch user without password. err: please configure to switch users without password:
github.com/future-architect/vuls/scanner.(*base).scanWordPress
/home/mainek00n/github/github.com/MaineK00n/vuls/scanner/base.go:829]
Scan Summary
================
wordpress Error Use configtest subcommand or scan with --debug to view the details
Checklist:
You don't have to satisfy all of the following.
- [ ] Write tests
- [x] Write documentation
- [x] Check that there aren't other open pull requests for the same issue/feature
- [x] Format your source code by
make fmt - [x] Pass the test by
make test - [x] Provide verification config / commands
- [x] Enable "Allow edits from maintainers" for this PR
- [x] Update the messages below
Is this ready for review?: YES
Reference
- https://github.com/vulsdoc/vuls/pull/214
(XXX >/dev/tty) >& /dev/null はユーザのシェルが /bin/sh の場合に Syntax error: Bad fd number のエラーになるので revert しました。根本的な対処は csh の場合に処理を分岐させる必要あり。
Thanks, @kurita0
It seems that unnecessary commits are mixed in. Can you rebase it or something so that only the necessary commits are included?
Please share your commands, config.toml, WordPress environment setup, before/after behavior, etc. to validate your PR.
commnads
/var/db/vuls/go/bin/vuls scan --debug -config=/usr/local/etc/vuls/config.toml \
-results-dir=/var/db/vuls/results foo
config.toml
...
[servers.foo]
host = "foo.sakura.ne.jp"
port = "22"
user = "foo"
keyPath = "/var/db/vuls/.ssh/id_rsa"
scanModules = ["wordpress"]
[servers.foo.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "foo"
docRoot = "/home/foo/www/foo.jp"
...
before
...
[Aug 28 12:55:54] INFO [foo] Scanning WordPress...
[Aug 28 12:55:54] DEBUG [localhost] Executing... sudo -u foo -i -- /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
[Aug 28 12:55:54] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m [email protected] -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; sudo -u foo -i -- /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
exitstatus: 126
stdout: bash: line 1: /usr/local/bin/sudo: Permission denied
stderr:
err: %!s(<nil>)
[Aug 28 12:55:54] ERROR [localhost] Error on foo, err: [Failed to scan WordPress:
github.com/future-architect/vuls/scanner.Scanner.getScanResults.func1
/var/db/vuls/go/src/github.com/future-architect/vuls/scanner/serverapi.go:664
- Failed to exec `sudo -u foo -i -- /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root`. Check the OS user, command path of wp-cli, DocRoot and permission: &config.WordPressConf{OSUser:"foo", DocRoot:"/home/foo/www/foo.jp", CmdPath:"/usr/local/bin/wp"}:
github.com/future-architect/vuls/scanner.(*base).scanWordPress
/var/db/vuls/go/src/github.com/future-architect/vuls/scanner/base.go:715
...
Sakura server does not allow users to sudo.
after
...
[Aug 28 12:54:21] INFO [foo] Scanning WordPress...
[Aug 28 12:54:21] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
[Aug 28 12:54:21] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
exitstatus: 0
stdout: 6.0.1
stderr:
err: %!s(<nil>)
[Aug 28 12:54:21] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
[Aug 28 12:54:21] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
exitstatus: 0
stdout: 6.0.1
stderr:
err: %!s(<nil>)
[Aug 28 12:54:21] DEBUG [localhost] Executing... /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
[Aug 28 12:54:25] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Aug 28 12:54:25] DEBUG [localhost] Executing... /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
[Aug 28 12:54:26] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root 2>/dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"all-in-one-wp-security-and-firewall","status":"active","update":"none","version":"4.4.12"},{"name":"autoptimize","status":"inactive","update":"none","version":"3.1.1.1"},{"name":"classic-editor","status":"inactive","update":"none","version":"1.6.2"},{"name":"disable-google-fonts","status":"inactive","update":"none","version":"2.0"},{"name":"disable-json-api","status":"active","update":"none","version":"1.7"},{"name":"imagemagick-engine","status":"active","update":"none","version":"1.7.4"},{"name":"protect-uploads","status":"inactive","update":"none","version":"0.4"},{"name":"ts-webfonts-for-sakura","status":"inactive","update":"none","version":"3.1.0"},{"name":"wp-fastest-cache","status":"active","update":"none","version":"1.0.4"},{"name":"wp-multibyte-patch","status":"active","update":"none","version":"2.9"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
foo freebsd13.0-RELEASE-p12 0 installed 15 WordPress pkgs
Omit sudo if ServerInfo.User and ServerInfo.WordPress.OSUser match.
I don't think it's a good idea to base whether or not a scan user name and a WordPress user name are the same to determine whether or not a command requires permissions to execute. How about being able to set permissions to execute commands?
WPScan works on C shell
Not implement. Change shell to bas
Regarding the csh support, I would be glad if you could work on it.
For now, how about using $ echo $SHELL to determine shell?
How about implementing (%s >/dev/tty) >& /dev/null for csh, or %s 2>/dev/null for sh or bash as a command template?
I don't think it's a good idea to base whether or not a scan user name and a WordPress user name are the same to determine whether or not a command requires permissions to execute. How about being able to set permissions to execute commands?
Add noSudo to wordpress conf.
Regarding the csh support, I would be glad if you could work on it. For now, how about using $ echo $SHELL to determine shell? How about implementing (%s >/dev/tty) >& /dev/null for csh, or %s 2>/dev/null for sh or bash as a command template?
Implemented.
config.toml
...
[servers.foo]
host = "foo.sakura.ne.jp"
port = "22"
user = "foo"
keyPath = "/var/db/vuls/.ssh/id_rsa"
scanModules = ["wordpress"]
[servers.foo.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "foo"
docRoot = "/home/foo/www/foo.jp"
noSudo = true
...
after
[Aug 30 21:03:40] INFO [foo] Scanning WordPress...
[Aug 30 21:03:40] DEBUG [localhost] Executing... /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
[Aug 30 21:03:40] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root
exitstatus: 0
stdout: 6.0.1
stderr:
err: %!s(<nil>)
[Aug 30 21:03:40] DEBUG [localhost] Executing... ( /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
[Aug 30 21:03:40] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; ( /usr/local/bin/wp core version --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
exitstatus: 0
stdout: 6.0.1
stderr:
err: %!s(<nil>)
[Aug 30 21:03:40] DEBUG [localhost] Executing... ( /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
[Aug 30 21:03:43] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; ( /usr/local/bin/wp theme list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
exitstatus: 0
stdout: [{"name":"twentytwenty","status":"inactive","update":"none","version":"2.0"},{"name":"twentytwentyone","status":"inactive","update":"none","version":"1.6"},{"name":"twentytwentytwo","status":"active","update":"none","version":"1.2"}]
stderr:
err: %!s(<nil>)
[Aug 30 21:03:43] DEBUG [localhost] Executing... ( /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
[Aug 30 21:03:45] DEBUG [localhost] execResult: servername: foo
cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/var/db/vuls/.vuls/controlmaster-%r-foo.%p -o Controlpersist=10m -l foo -p 22 -i /var/db/vuls/.ssh/id_rsa -o PasswordAuthentication=no foo.sakura.ne.jp stty cols 1000; ( /usr/local/bin/wp plugin list --format=json --path=/home/foo/www/foo.jp --allow-root > /dev/tty ) >& /dev/null
exitstatus: 0
stdout: [{"name":"akismet","status":"inactive","update":"none","version":"5.0"},{"name":"all-in-one-wp-security-and-firewall","status":"active","update":"none","version":"4.4.12"},{"name":"autoptimize","status":"inactive","update":"none","version":"3.1.1.1"},{"name":"classic-editor","status":"inactive","update":"none","version":"1.6.2"},{"name":"disable-google-fonts","status":"inactive","update":"none","version":"2.0"},{"name":"disable-json-api","status":"active","update":"none","version":"1.7"},{"name":"imagemagick-engine","status":"active","update":"none","version":"1.7.4"},{"name":"protect-uploads","status":"inactive","update":"none","version":"0.4"},{"name":"ts-webfonts-for-sakura","status":"inactive","update":"none","version":"3.1.0"},{"name":"wp-fastest-cache","status":"active","update":"none","version":"1.0.4"},{"name":"wp-multibyte-patch","status":"active","update":"none","version":"2.9"}]
stderr:
err: %!s(<nil>)
Scan Summary
================
foo freebsd13.0-RELEASE-p12 0 installed 15 WordPress pkgs
Are you going to write a document about NoSudo and its operational case? https://github.com/vulsdoc/vuls/blob/master/docs/usage-scan-wordpress.md