[Bro] wordpress passive version/plugin tester
Scott Campbell
scampbell at lbl.gov
Tue Jan 20 18:38:27 PST 2015
Given the breakneck patch cycle that WordPress and its mighty army of
plugins go through, I put together a quick bit of policy that will
look out for communications between the host and api.wordpress.com and
record all the relevant data. This can probably be improved, but it
seems a nice place to start.
Code can be found here:
https://github.com/set-element/misc-scripts/blob/master/wordpress.bro
Sample software.log output looks like:
>
> nerscs-mbp:tmp scottc$ more software.log
> #separator \x09
> #set_separator	,
> #empty_field	(empty)
> #unset_field	-
> #path	software
> #open	2015-01-20-17-30-01
> #fields	ts	host	host_p	software_type	name	version.major	version.minor	version.minor2	version.minor3	version.addl	unparsed_version
> #types	time	addr	port	enum	string	count	count	count	count	string	string
> 1421262142.829722	10.10.10160	42440	WP_PARSE::WEB_WORDPRESS_CORE	Wordpress	3	4	1	-	-	3.4.1
> 1421262142.829722	10.10.10160	42440	WP_PARSE::WEB_WORDPRESS_APP	WP_PHP	5	3	3	-	-	5.3.3
> 1421262142.829722	10.10.10160	42440	WP_PARSE::WEB_WORDPRESS_APP	WP_MySQL	5	0	95	-	-	5.0.95
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Akismet	2	5	6	-	-	2.5.6
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Contact+Form+Plugin	3	23	-	-	-	3.23
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Custom+Meta+Widget	1	4	0	-	-	1.4.0
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Hello+Dolly	1	6	-	-	-	1.6
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Jetpack+by+WordPress.com	1	6	1	-	-	1.6.1
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	papercite	0	5	5	-	-	0.5.5
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Revision+Control	2	1	-	-	-	2.1
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	Ultimate+TinyMCE	3	0	-	-	-	3.0
> 1421262143.379851	10.10.10160	42441	WP_PARSE::WEB_WORDPRESS_PLUGIN	WordPress+Importer	0	6	-	-	-	0.6
> #close	2015-01-20-17-30-01
enjoy!
scott
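
One way to put the software.log shown above to use, as an added example that is not part of the original post or of wordpress.bro: read the tab-separated log and report WordPress components that fall below a site-defined minimum version. The sample rows, the host address, the MIN_VERSIONS policy and the function names are constructed for illustration, and decoding '+' in names as a space is an assumption based on the sample output.

```python
from urllib.parse import unquote_plus

FIELDS = ("ts host host_p software_type name version.major version.minor "
          "version.minor2 version.minor3 version.addl unparsed_version")
# Constructed sample rows in the layout of the software.log excerpt above.
ROWS = [
    "1421262142.829722 10.0.0.5 42440 WP_PARSE::WEB_WORDPRESS_CORE Wordpress 3 4 1 - - 3.4.1",
    "1421262143.379851 10.0.0.5 42441 WP_PARSE::WEB_WORDPRESS_PLUGIN Akismet 2 5 6 - - 2.5.6",
    "1421262143.379851 10.0.0.5 42441 WP_PARSE::WEB_WORDPRESS_PLUGIN Hello+Dolly 1 6 - - - 1.6",
]
SAMPLE_LOG = "\n".join(
    ["#separator \\x09", "#fields\t" + FIELDS.replace(" ", "\t")]
    + [r.replace(" ", "\t") for r in ROWS] + ["#close\t2015-01-20-17-30-01"])
# Hypothetical site policy: lowest acceptable version per component name.
MIN_VERSIONS = {"Wordpress": (3, 5), "Akismet": (2, 5, 6)}


def parse_bro_log(text):
    """Yield one dict per record, using the #fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def version_tuple(rec):
    """Return a 4-tuple from the count columns; unset ('-') counts as 0."""
    cols = ("version.major", "version.minor", "version.minor2", "version.minor3")
    return tuple(0 if rec.get(c, "-") == "-" else int(rec[c]) for c in cols)


def outdated(text, policy=MIN_VERSIONS):
    """Return (host, name, seen_version) for WordPress entries below policy."""
    hits = []
    for rec in parse_bro_log(text):
        if not rec["software_type"].startswith("WP_PARSE::"):
            continue
        name = unquote_plus(rec["name"])  # assumption: 'Hello+Dolly' -> 'Hello Dolly'
        floor = policy.get(name)
        if floor and version_tuple(rec) < floor + (0,) * (4 - len(floor)):
            hits.append((rec["host"], name, rec["unparsed_version"]))
    return hits


if __name__ == "__main__":
    for hit in outdated(SAMPLE_LOG):
        print(*hit)
```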