DEV Community

Adem Kouki

Using Node.js to Parse a JSON File Generated from WPScan

WPScan is a popular tool for performing security assessments on WordPress websites.
It generates a detailed report of any vulnerabilities it finds, including information about the affected plugin, theme, or version of WordPress.
WPScan can write this report to a file, typically as JSON, which is difficult to parse and analyze manually.

In this tutorial, we will walk through how to use Node.js to parse a JSON file generated by WPScan and extract meaningful information from it.
We will also use the popular ExcelJS library to create an Excel spreadsheet with a table of all the vulnerabilities found by WPScan.

```bash
npm init -y
npm i exceljs
```

First, we will import the fs module and use the readFileSync function to read the JSON file into a string. Then, we will use JSON.parse to convert the string into a JavaScript object.

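```javascript
// Uses ES module syntax: save the script as .mjs or set "type": "module" in package.json.
import { readFileSync } from "fs";

// Read the WPScan report and parse it into a JavaScript object.
const file = readFileSync("./wpscan_output.json", "utf8");
const data = JSON.parse(file);
```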

Next, we will extract the vulnerabilities found in the version of WordPress, the main theme, and the plugins.
We will store these vulnerabilities in separate arrays and then combine them into a single array using the spread operator (...).

```javascript
// data.version and data.main_theme can be null when WPScan could not
// identify them, so fall back to an empty array instead of throwing.
const version_vulnerabilities = data.version?.vulnerabilities ?? [];
const main_theme_vulnerabilities = data.main_theme?.vulnerabilities ?? [];
const plugins_vulnerabilities = Object.values(data.plugins ?? {})
  .map((plugin) => plugin.vulnerabilities ?? [])
  .flat();
const vulnerabilities = [
  ...version_vulnerabilities,
  ...main_theme_vulnerabilities,
  ...plugins_vulnerabilities,
];
```
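An added example (not the author's code) that goes one step beyond the extraction above: it flattens a report while tolerating sections that are `null` or missing, and records which component each finding belongs to so the spreadsheet rows can be traced back to a plugin or theme. The sample report is constructed for illustration, and the `slug` and `version.number` fields are assumptions about the report layout.

```javascript
// Added example: flatten a WPScan JSON report into rows, tolerating missing sections.
// SAMPLE_REPORT is constructed for illustration; it is not real scan output.
const SAMPLE_REPORT = {
  version: null, // assumed shape when the core version was not identified
  main_theme: {
    slug: "example-theme",
    version: { number: "1.2" },
    vulnerabilities: [
      { title: "Example Theme < 1.3 - Reflected XSS", fixed_in: "1.3",
        references: { url: ["https://example.com/advisory"], cve: ["0000-0001"] } },
    ],
  },
  plugins: {
    "example-forms": {
      version: null,
      vulnerabilities: [
        { title: "Example Forms - Unpatched Issue", fixed_in: null, references: {} },
      ],
    },
    "example-seo": { version: { number: "4.0" }, vulnerabilities: [] },
  },
};

// Reference lists are arrays; join them for a single cell, or show "-" when absent.
const joinRefs = (list) => (Array.isArray(list) && list.length ? list.join("\n") : "-");

// Turn one component's vulnerability list into spreadsheet-ready rows.
function toRows(component, installed, vulns) {
  return (vulns ?? []).map((v) => ({
    component,
    installed: installed ?? "unknown",
    title: v.title,
    fixed_in: v.fixed_in ?? "no fix listed",
    url: joinRefs(v.references?.url),
    cve: joinRefs(v.references?.cve),
  }));
}

function collectVulnerabilities(report) {
  const theme = report.main_theme;
  return [
    ...toRows("wordpress core", report.version?.number, report.version?.vulnerabilities),
    ...toRows(`theme: ${theme?.slug ?? "unknown"}`, theme?.version?.number, theme?.vulnerabilities),
    ...Object.entries(report.plugins ?? {}).flatMap(([slug, plugin]) =>
      toRows(`plugin: ${slug}`, plugin.version?.number, plugin.vulnerabilities)),
  ];
}

console.log(collectVulnerabilities(SAMPLE_REPORT));
```

Each returned object can be passed to `worksheet.addRow` once matching `component` and `installed` columns are defined.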

Now that we have all the vulnerabilities in a single array,
we can use ExcelJS to create an Excel spreadsheet with a table of these vulnerabilities.
We start by creating a new workbook and a new worksheet. Then, we define the columns of the table and their corresponding keys in the data.

```javascript
import exceljs from "exceljs";

const workbook = new exceljs.Workbook();
const worksheet = workbook.addWorksheet("Vulnerabilities");
worksheet.columns = [
  { header: "Title", key: "title", width: 50 },
  { header: "Fixed in", key: "fixed_in", width: 10 },
  { header: "URL", key: "url", width: 50 },
  { header: "WPVulnDB", key: "wpvulndb", width: 50 },
  { header: "CVE", key: "cve", width: 50 },
];
```

Then, we can iterate through the vulnerabilities array and add a row to the table for each vulnerability.
We create an object for each vulnerability with the appropriate keys and values, and then pass this object to the addRow function.

```javascript
vulnerabilities.forEach((vulnerability) => {
  // Each references entry is an array (or missing), so join it into one cell.
  const refs = vulnerability.references ?? {};
  let vulObj = {
    title: vulnerability.title,
    fixed_in: vulnerability.fixed_in ?? "-", // null when no fixed version is listed
    url: refs.url?.join("\n") || "-",
    wpvulndb: refs.wpvulndb?.join("\n") || "-",
    cve: refs.cve?.join("\n") || "-",
  };
  worksheet.addRow(vulObj);
});

// make wrap text (optional)
worksheet.columns.forEach((column) => {
  column.style = { alignment: { wrapText: true } };
});
```

Finally, we can write the Excel file to disk using the writeFile function.

```javascript
workbook.xlsx.writeFile("vulnerabilities.xlsx").then(() => {
  console.log("Excel file is written.");
});
```

Tada! The final code:

```javascript
// Uses ES module syntax: save the script as .mjs or set "type": "module" in package.json.
import { readFileSync } from "fs";
import exceljs from "exceljs";

const file = readFileSync("./wpscan_output.json", "utf8");
const data = JSON.parse(file);

const interesting_findings = data.interesting_findings; // not used below
// data.version and data.main_theme can be null when WPScan could not
// identify them, so fall back to an empty array instead of throwing.
const version_vulnerabilities = data.version?.vulnerabilities ?? [];
const main_theme_vulnerabilities = data.main_theme?.vulnerabilities ?? [];
const plugins_vulnerabilities = Object.values(data.plugins ?? {})
  .map((plugin) => plugin.vulnerabilities ?? [])
  .flat();
const vulnerabilities = [
  ...version_vulnerabilities,
  ...main_theme_vulnerabilities,
  ...plugins_vulnerabilities,
];

const workbook = new exceljs.Workbook();
const worksheet = workbook.addWorksheet("Vulnerabilities");
worksheet.columns = [
  { header: "Title", key: "title", width: 50 },
  { header: "Fixed in", key: "fixed_in", width: 10 },
  { header: "URL", key: "url", width: 50 },
  { header: "WPVulnDB", key: "wpvulndb", width: 50 },
  { header: "CVE", key: "cve", width: 50 },
];
const vulnerabilities_count = vulnerabilities.length;
console.log(
  `There are ${vulnerabilities_count} vulnerabilities in this website.`
);

vulnerabilities.forEach((vulnerability) => {
  // Each references entry is an array (or missing), so join it into one cell.
  const refs = vulnerability.references ?? {};
  let vulObj = {
    title: vulnerability.title,
    fixed_in: vulnerability.fixed_in ?? "-", // null when no fixed version is listed
    url: refs.url?.join("\n") || "-",
    wpvulndb: refs.wpvulndb?.join("\n") || "-",
    cve: refs.cve?.join("\n") || "-",
  };
  worksheet.addRow(vulObj);
});

// wrap text
worksheet.columns.forEach((column) => {
  column.style = { alignment: { wrapText: true } };
});

workbook.xlsx.writeFile("vulnerabilities.xlsx").then(() => {
  console.log("Excel file is written.");
});
```

And that's it!
With just a few lines of code, we were able to parse a WPScan JSON report and create an Excel spreadsheet with a table of all the vulnerabilities found. This can be a useful tool for quickly analyzing the results of a WPScan scan and identifying areas that need to be fixed.

I hope you found this tutorial helpful.

Top comments (1)

Zeroday Co., Ltd.

hi, want to know more