WPBullet : A Static Code Analysis For WordPress & PHP

WPBullet is a static code analysis for WordPress Plugins/Themes (and PHP). Simply clone the repository, install requirements and run the script ;

git clone https://github.com/webarx-security/wpbullet wpbullet
cd wpbullet
pip install -r requirements.txt
python wpbullet.py

Available options:

–path (required) System path or download URL
Examples:
–path=”/path/to/plugin”
–path=”https://wordpress.org/plugins/example-plugin”
–path=”https://downloads.wordpress.org/plugin/example-plugin.1.5.zip”

–enabled (optional) Check only for given modules, ex. –enabled=”SQLInjection,CrossSiteScripting”
–disabled (optional) Don’t check for given modules, ex. –disabled=”SQLInjection,CrossSiteScripting”
–cleanup (optional) Automatically remove content of .temp folder after scanning remotely downloaded plugin

$ python wpbullet.py –path=”/var/www/wp-content/plugins/plugin-name”

Also Read – Top Paying Pay per Click Affiliate Programs for Beginners

Creating Modules

Creating a module is flexible and allows for override of the BaseClass methods for each module as well as creating their own methods

Each module in Modules directory is implementing properties and methods from core.modules.BaseClass, thus each module’s required parameter is BaseClass

Once created, module needs to be imported in modules/__init__.py. Module and class name must be consistent in order to module to be loaded.

If you are opening pull request to add new module, please provide unit tests for your module as well.

Module Template

Modules/ExampleVulnerability.py

from core.modules import BaseClass

class ExampleVulnerability(object):

# Vulnerability name name = “Cross-site Scripting”
# Vulnerability severity severity = “Low-Medium”
# Functions causing vulnerability functions = [ “print” “echo” ]
# Functions/regex that prevent exploitation blacklist = [ “htmlspecialchars”, “esc_attr” ]

Overriding regex match pattern

Regex pattern is being generated in core.modules.BaseClass.build_pattern and therefore can be overwritten in each module class.

Modules/ExampleVulnerability.py

import copy…

Build dynamic regex pattern to locate vulnerabilities in given content

def build_pattern(self, content, file):
user_input = copy.deepcopy(self.user_input)

variables = self.get_input_variables(self, content)

if variables:
user_input.extend(variables)

if self.blacklist:
blacklist_pattern = r”(?!(\s?)+(.*(” + ‘|’.join(self.blacklist) + “)))”

else:
blacklist_pattern = “”

self.functions = [self.functions_prefix + x for x in self.functions]

pattern = r”((” + ‘|’.join(self.functions) + “)\s{0,}\(?\s{0,1}” + blacklist_pattern + “.*(” + ‘|’.join(user_input) + “).*)” return pattern

Testing

Running unit tests:

$ python3 -m unittest

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

1 day ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

1 day ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

1 day ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

1 day ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

1 day ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

1 day ago