워드프레스 보안 점검 스크립트 – BASH 기반 보안 점검 스크립트






 

워드프레스 보안 점검 스크립트

#!/bin/bash

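# --- run bookkeeping -------------------------------------------------------
# Force the C locale so date/curl/grep output is stable regardless of the
# operator's environment.
LANG=C
export LANG

# HOSTNAME, FILENAME, OS and DATE are assigned here but not read by the scan
# loop below (FILENAME only survives in a commented-out line); they are kept
# so nothing that sourced this script breaks.  $(...) replaces backticks.
HOSTNAME=$(hostname)
FILENAME=${HOSTNAME}
OS=$(uname)
DATE=$(date +%Y-%m-%d)

# Stem of the findings log: "<YYYY-MM-DD>.log" in the current directory.
# The original re-ran `date` here; reuse DATE so both names cannot disagree
# across a midnight boundary.
# NOTE(review): the log name is predictable and the file is appended to, so
# repeated runs on one day merge into a single log.  Run from a private
# working directory if the findings are sensitive.
FILENAME1=$DATE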

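# --- scan loop ---------------------------------------------------------------
# Reads one WordPress target per line (host, host:port or host/path) from the
# file named by $1 (default: ./test, as before), probes a fixed set of
# well-known WordPress URLs over HTTPS and appends findings to
# "${FILENAME1}.log" (FILENAME1 is set earlier in this script).
# Only run this against hosts you are authorised to test.
#
# Fixes versus the published version:
#   * the published copy used typographic quotes (“ ” ’): `-w “%{http_code}”`
#     printed “200”, so every `[ ... -eq 200 ]` errored, and `[ -n “$line” ]`
#     was always true, spinning forever at EOF;
#   * `read test || [ -n "$line" ]` tested a variable that is never assigned,
#     so a last line without a trailing newline was silently dropped;
#   * ten copy-pasted if-blocks become two helpers, which also repairs the
#     wp-config-sample.php entry that lacked the "[+]" prefix and had a
#     stray "(";
#   * target lines are validated before being interpolated into URLs;
#   * curl gets --max-time so one black-holed host cannot stall the run;
#   * wp-config.php is only reported as source disclosure when the body really
#     carries configuration markers (PHP normally executes it and answers an
#     empty 200), and the remediation text no longer suggests renaming the
#     login page for REST-API findings.
#   * the unused loop counter `i` and the unused RED/GREEN pair (GREEN was
#     mistyped as \032) are dropped.

# ANSI colour escapes used in the log; hoisted out of the loop.
red='\033[0;31m'
blue='\033[0;34m'
yel='\033[1;33m'
NC='\033[0m' # No Color

# Per-request timeout in seconds.
CURL_TIMEOUT=15

#######################################
# Fetch one URL and print its HTTP status code ("000" when no response).
# Redirects are deliberately not followed: wp-admin/ sends anonymous users to
# wp-login.php, and following it would turn most checks into a 200.
# TLS verification stays on; a host with a broken certificate yields 000 and
# no findings rather than a silently downgraded check — do not add -k.
# Globals:   CURL_TIMEOUT (read)
# Arguments: $1 - URL
#            $2 - HTTP method (default GET; the original only overrode it
#                 for xmlrpc.php)
# Outputs:   three-digit status code on stdout
#######################################
wp_probe() {
  local url=$1 method=${2:-GET}
  local -a opts=(-o /dev/null -s --max-time "$CURL_TIMEOUT" -w '%{http_code}')
  [[ "$method" == "GET" ]] || opts+=(-X "$method")
  curl "${opts[@]}" -- "$url" 2>/dev/null || true
}

#######################################
# Accept only host[:port][/path]-shaped targets.  The value is interpolated
# into every probe URL and into printf '%b' log lines, so whitespace, "?",
# "#", "@", quotes and backslashes are rejected: a crafted list line must not
# be able to add URL components, curl options or escape sequences.
# Arguments: $1 - one line from the target list (CR and trailing / removed)
# Returns:   0 if acceptable, 1 otherwise
#######################################
wp_valid_target() {
  [[ "$1" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._~/-]*)?$ ]]
}

#######################################
# Append one finding to the log, but only when the probe answered 200.
# Output layout matches the original: blank line, blue heading, red finding,
# then one yellow line per remediation/note/reference argument.
# Globals:   FILENAME1 (read) - log file stem; red/blue/yel/NC (read)
# Arguments: $1 - HTTP status code from wp_probe
#            $2 - category heading (e.g. "Sensitive File")
#            $3 - finding line (what was found and where)
#            $4.. - remediation / note / reference lines, one per argument
# Returns:   0 always
#######################################
wp_report() {
  local code=$1 heading=$2 finding=$3 advice
  shift 3
  [[ "$code" == "200" ]] || return 0
  {
    printf '%b\n' ' \n'
    printf '%b\n' "${blue}[+]${NC} ${heading}"
    printf '%b\n' "${red}[+]${NC} ${finding}"
    for advice in "$@"; do
      printf '%b\n' "${yel}[+]${NC} ${advice}"
    done
  } >> "${FILENAME1}.log"
}

# Optional first argument names the target list; "test" keeps the old default.
targets=${1:-test}
if [[ ! -r "$targets" ]]; then
  printf 'target list not readable: %s\n' "$targets" >&2
else
  while IFS= read -r target || [[ -n "$target" ]]; do
    target=${target%$'\r'}      # tolerate CRLF lists
    target=${target%/}          # "host/" -> "host" (avoids https://host//path)
    [[ -z "$target" || "$target" == \#* ]] && continue
    if ! wp_valid_target "$target"; then
      printf 'skipping malformed target: %s\n' "$target" >&2
      continue
    fi
    base="https://${target}"
    printf '\n[*] Scanning %s\n' "$base"

    # --- login / admin entry points -------------------------------------
    login_advice='Solution : Restrict wp-login.php and wp-admin/ (IP allow-list, HTTP auth or WAF), enforce MFA and rate-limit login attempts; moving the login URL only adds obscurity.'
    wp_report "$(wp_probe "$base/wp-login.php")" "Admin Page" \
      "Admin Page Found: ${base}/wp-login.php" "$login_advice"
    wp_report "$(wp_probe "$base/wp-admin/")" "Admin Page" \
      "Admin page Found: ${base}/wp-admin" "$login_advice"

    # --- REST API -------------------------------------------------------
    rest_ref='Reference : https://neliosoftware.com/blog/protect-your-wordpress-by-hiding-the-rest-api/'
    wp_report "$(wp_probe "$base/wp-json/wp/v2/users")" "User Info" \
      "User Information Found: ${base}/wp-json/wp/v2/users" \
      'Solution : Require authentication for the users endpoint (rest_endpoints / rest_authentication_errors filter, or a plugin); it lists author login names for password attacks.' \
      "$rest_ref"
    # The posts endpoint returns published content, not user data; the
    # original filed it under "User Info" with the login-URL advice.
    wp_report "$(wp_probe "$base/wp-json/wp/v2/posts")" "REST API" \
      "Public REST API endpoint reachable: ${base}/wp-json/wp/v2/posts" \
      'Note : informational - this exposes published posts (and author IDs), not credentials.' \
      'Solution : Disable or restrict the REST API for unauthenticated requests if the site does not need it.' \
      "$rest_ref"

    # --- version / sample files -----------------------------------------
    delete_advice='Solution : Delete the file or deny it in the web server config; core updates ship it again, so a server-level deny is the durable fix.'
    wp_report "$(wp_probe "$base/readme.html")" "Sensitive File" \
      "Sensitive File Found: ${base}/readme.html (discloses the WordPress version)" "$delete_advice"
    wp_report "$(wp_probe "$base/license.txt")" "Sensitive File" \
      "Sensitive File Found: ${base}/license.txt" "$delete_advice"
    wp_report "$(wp_probe "$base/wp-config-sample.php")" "Sensitive File" \
      "Sensitive File Found: ${base}/wp-config-sample.php" "$delete_advice"

    # --- admin maintenance scripts --------------------------------------
    restrict_advice='Solution : Access Restrictions (limit wp-admin/ to trusted networks).'
    reachable_note='Note : install.php / upgrade.php answer 200 on a healthy install; the finding is that they are reachable anonymously, not that they are exploitable.'
    wp_report "$(wp_probe "$base/wp-admin/update-core.php")" "Sensitive File" \
      "Sensitive File Found: ${base}/wp-admin/update-core.php" "$restrict_advice"
    wp_report "$(wp_probe "$base/wp-admin/upgrade.php")" "Sensitive File" \
      "Sensitive File Found: ${base}/wp-admin/upgrade.php" "$restrict_advice" "$reachable_note"
    wp_report "$(wp_probe "$base/wp-admin/install.php")" "Sensitive File" \
      "Sensitive File Found: ${base}/wp-admin/install.php" "$restrict_advice" "$reachable_note"

    # --- XML-RPC (probed with POST, as in the original) -------------------
    wp_report "$(wp_probe "$base/xmlrpc.php" POST)" "Sensitive File" \
      "Sensitive File Found: ${base}/xmlrpc.php (XML-RPC enabled)" \
      'Solution : Disable XML-RPC (xmlrpc_enabled filter or web server deny) unless Jetpack/mobile apps need it; system.multicall amplifies password guessing and pingbacks can be abused.'

    # --- wp-config.php ---------------------------------------------------
    # A bare 200 is expected: PHP executes the file and returns an empty
    # body.  Only a response carrying configuration markers is a real
    # disclosure.  The body is tested in a pipe and never written to the log.
    code=$(wp_probe "$base/wp-config.php")
    if [[ "$code" == "200" ]] \
      && curl -s --max-time "$CURL_TIMEOUT" -- "$base/wp-config.php" 2>/dev/null | grep -q 'DB_PASSWORD'; then
      wp_report "$code" "Sensitive File" \
        "Sensitive File Found: ${base}/wp-config.php (SOURCE DISCLOSED - response contains DB_PASSWORD)" \
        'Solution : Fix the PHP handler so .php files are executed, rotate the database credentials and salts, and deny wp-config.php in the web server.'
    else
      wp_report "$code" "Sensitive File" \
        "Sensitive File Found: ${base}/wp-config.php" "$restrict_advice" \
        'Note : 200 with an empty body is normal (PHP executed the file); no source was returned.'
    fi
  done < "$targets"
fi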

# --- wrap-up -------------------------------------------------------------------
# Stamp the finishing time on the console and at the end of the findings log
# ("${FILENAME1}.log", set up at the top of the script).  One `date` call is
# reused for both so the two stamps always agree.
finished_at=$(date)
printf '%s\n' "$finished_at"
printf '%s\n' "$finished_at" >> "${FILENAME1}.log" 2>&1





 
