WPAUDIT - Advanced WordPress Security Auditing Suite

Welcome to the official WPAUDIT documentation! This comprehensive guide provides an in-depth overview of WPAUDIT, a powerful WordPress security audit tool designed for ethical hackers, penetration testers, and security professionals. Learn about its advanced features, setup, and effective usage for conducting thorough WordPress vulnerability scanning and WordPress penetration testing.

Table of Contents

• WPAUDIT - Advanced WordPress Security Auditing Suite
  • Table of Contents
  • Overview
  • Key Features of WPAUDIT - Your Expert WordPress Vulnerability Scanner
  • Technical Architecture: How WPAUDIT Works
  • Extending WPAUDIT
  • Understanding Scan Profiles
  • The ScanState Object
  • Prerequisites
    • Software:
    • External Tools Integration:
  • Installation Guide for WPAUDIT
    • General Setup
    • Kali Linux Specific Setup
  • Development Setup
  • Usage
  • Configuration
  • Scan Phases
  • Output and Reporting
  • Contributing to WPAUDIT
    • Support the Project
  • Troubleshooting Common Issues
  • Roadmap / Future Enhancements
  • License

Overview

WPAUDIT is a hyper-configurable, modular WordPress security auditing suite engineered to automate and streamline the process of identifying vulnerabilities and security weaknesses in WordPress installations. As a leading automated WordPress security tool, WPAUDIT empowers users to perform detailed security assessments, making it an essential utility for any WordPress penetration testing tool kit, especially when operating on platforms like Kali Linux. Its modular architecture allows for highly customized scans tailored to specific target environments and auditing requirements.

Key Features of WPAUDIT - Your Expert WordPress Vulnerability Scanner

• Modular Scan Phases: Executes distinct security checks in sequence (Preflight, Nmap, WPScan, REST API Analysis, Parameter Fuzzing, Nuclei, SQLMap, Exploit Intel).
• Configurable Profiles: Supports different scan profiles (default, stealth, aggressive) for varying levels of intensity and stealthiness.
• Flexible Configuration: Uses YAML/JSON configuration files for detailed control over tool paths, API keys, scan parameters, and output settings.
• Command-Line Overrides: Allows overriding specific configuration settings directly via CLI arguments for quick adjustments.
• Phase Skipping: Users can choose to skip specific scan phases.
• Tool Dependency Checking: Verifies the presence and configuration of required external tools before starting the scan.
• State Management: Tracks scan progress and findings, saving the state incrementally.
• Reporting: Generates a console summary, a comprehensive JSON state file, and an interactive HTML report for easy analysis and sharing.
• Interactive Mode: Optionally prompts the user for confirmation before potentially intrusive actions, ensuring control over the scan.
• Cross-Platform Compatibility: While optimized for environments like Kali Linux, WPAUDIT is a Python-based tool and can run on various operating systems where Python and the external tools are supported.

Technical Architecture: How WPAUDIT Works

WPAUDIT operates through a coordinated system of core components and specialized scanner modules:

• main.py (Orchestrator): The central script that parses command-line arguments, loads configurations, initializes the scan state, and sequentially executes the defined scan phases.
• core/ Modules:
  • config_loader.py: Manages loading and merging of YAML configuration files.
  • state.py: Handles the ScanState object, which stores all findings, metadata, and progress throughout the scan. It supports saving and loading the state.
  • tool_checker.py: Verifies the availability and (optionally) versions of required external command-line tools.
  • tool_runner.py: A robust wrapper for executing external tools, managing timeouts, and capturing output.
  • utils.py: Contains various helper functions used across the application.
• modules/ Directory: Contains individual Python scripts for each scan phase or specific tool integration (e.g., nmap_scanner.py, wpscan_auditor.py, wp_analyzer/ sub-package for detailed WordPress checks). Each module typically has a run_scan or run_analysis function called by main.py.
• reporting/ Directory:
  • generator.py: Responsible for creating the text summary and HTML reports from the final ScanState.
  • report_template.html: A Jinja2 template used to render the HTML report.
• config/ Directory: Contains default configuration files (default_config.yaml) that users can adapt.

The scan proceeds through phases defined in main.py, with each phase potentially updating the shared ScanState object. This state is saved periodically and at the end of the scan, forming the basis for the final reports.

Extending WPAUDIT

WPAUDIT is designed to be modular, allowing for the addition of new scanning capabilities. If you wish to add a new scanner module:

1. Create a New Module File: Add a new Python file in the modules/ directory (or a sub-directory like modules/wp_analyzer/ for more specific WordPress checks). For example, modules/new_scanner_module.py.
2. Implement the Scan Logic:
   • Your module should typically define a main function, e.g., run_scan(target_url, scan_state, config, tool_runner, logger).
   • This function will receive the target URL, the current ScanState object, the global configuration, an instance of ToolRunner (if external tools are needed), and a logger instance.
   • Perform your checks and update the scan_state.findings dictionary with your results. For example: scan_state.findings['new_scanner_results'] = {'vulnerabilities': [...]}.
   • Use the provided logger for any output specific to your module.
3. Integrate into Main Workflow (main.py):
   • Import your module's run_scan function at the top of main.py.
   • Add a unique string key for your new phase (e.g., 'new_scanner_phase') to the PHASES list in main.py, placing it in the desired order of execution.
   • In the main scan loop within main.py (the for phase in active_phases: loop), add an elif phase == 'new_scanner_phase': block to call your module's run_scan function.
   • Ensure you pass all necessary arguments (target URL, scan state, config, tool runner, logger).
4. Configuration (Optional):
   • If your module requires specific configurations (e.g., API keys, special parameters), add them to config/default_config.yaml.
   • Access these configurations within your module via the config object passed to your run_scan function.
5. Tool Dependencies (If any):
   • If your module uses new external tools, add them to the tool_paths section in config/default_config.yaml and update core/tool_checker.py to include checks for these tools.
6. Update Documentation: Add details about your new module to this README, including its purpose, any new configuration options, and the nature of the output it produces. Also, mention it in the "Scan Phases" section.
7. Add Tests: Write unit tests for your new module's functionality and place them in the tests/ directory (you might need to create this directory and a tests/test_new_scanner_module.py file).

This modular approach helps keep the codebase organized and makes it easier to contribute new functionalities.

Understanding Scan Profiles

WPAUDIT offers scan profiles (default, stealth, aggressive) to tailor the scan intensity and techniques:

• default: A balanced profile suitable for most initial assessments, providing good coverage without being overly intrusive.
• stealth: Designed for less noisy scans. This profile typically uses passive techniques where possible, makes fewer requests, employs slower timings for tools like Nmap, and may use a more restricted set of Nuclei templates. Ideal when trying to minimize the scan's footprint or avoid detection by WAFs/IPS.
• aggressive: A comprehensive and potentially noisy profile. It enables more checks, deeper fuzzing (if configured), scans all TCP ports with Nmap using more intrusive scripts, and utilizes a broader set of Nuclei templates. This profile provides the most tho