Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources. As you can imagine, this was quite the challenge as each and every data source came with its own set of quirks:
- Were we legally allowed to use the data in our own product?
- Did we need special authentication/authorization to access the data?
- Was the data presented in an easy to consume, machine readable format?
- How often would the format change, and how would that disruption affect us?
Some sources were gracious enough to provide easy-to-consume data, usually in the form of an XML feed or Common Vulnerability Reporting Format (CVRF), but these were the exception rather than the rule.
At Wordfence, we not only provide our curated WordPress vulnerability database for free, but we also provide a fully featured, completely unrestricted API to leverage this data for your own needs. Whether you’re a security or vulnerability analyst, penetration tester, data scientist, cyber-hobbyist, or even a commercial for-profit organization, you can use our data at no cost!
Celebrating 6 Months of Free Access to the Wordfence Threat Intelligence Vulnerability Feed
We’re marking the 6-month anniversary of our free Wordfence Threat Intelligence Vulnerability Feed by showcasing some of the most innovative projects that are using our API. Check them out and get inspired to create your own!
WP-CLI Vulnerability Scanner
https://github.com/10up/wpcli-vulnerability-scanner
The WP-CLI Vulnerability Scanner is a tool developed by 10up. It’s designed to check for vulnerabilities in WordPress core, plugins, and themes. The tool allows users to choose their preferred vulnerability database for scanning. Among the options, which include WPScan and Patchstack, the Wordfence Vulnerability Data Feed stands out. Wordfence is the only vulnerability database that offers free access without the need for an API token.
The WP-CLI Vulnerability Scanner can be installed as a WP-CLI package or as a regular WordPress plugin, and it provides a variety of output formats. You can schedule it to run regular scans, ensuring your WordPress site remains secure. The project is actively maintained by 10up.
Nuclei + Wordfence
https://github.com/topscoder/nuclei-wordfence-cve
The Nuclei + Wordfence project, developed by topscoder, offers a large collection of Nuclei templates for scanning WordPress for vulnerabilities. The templates are based on vulnerability reports from Wordfence. The project provides over 8000 templates, primarily focused on WordPress plugins, but also covering themes and core vulnerabilities. To use the templates, users need to install Nuclei and this repository. The project provides examples of commands for scanning for specific vulnerabilities or focusing on critical ones.
wpfinger
https://github.com/LeakIX/wpfinger
wpfinger is a WordPress scanning tool designed for red team operations. It offers several features, including:
- Detection of WordPress core versions
- Plugin scanning through fingerprinting
- Vulnerability output, using the database from Wordfence
The tool provides options to scan for all plugins or only those that are vulnerable. You can install wpfinger either from pre-built binaries available on the project’s GitHub Releases page or directly from the source code.
Accessing and Consuming the Vulnerability Data Feed via API
Accessing the Wordfence Vulnerability Data Feed API is straightforward and does not require any authentication. There are two versions of the feed available to support different use cases:
- Production Feed: This feed provides data about vulnerabilities for which complete details are available. It may not include all records that are available in the Scanner Feed. You can access the Production Feed with the following GET request:
  GET /api/intelligence/v2/vulnerabilities/production
  Host: www.wordfence.com
- Scanner Feed: This feed contains only detection information and includes new vulnerabilities that do not yet have enough information to be included in the Production Feed. You can access the Scanner Feed with the following GET request:
  GET /api/intelligence/v2/vulnerabilities/scanner
  Host: www.wordfence.com
Both endpoints return the entire feed in a single response and accept no additional parameters. The data is provided in JSON format, with the root element being an object whose keys are UUIDs assigned by Wordfence to each vulnerability. This allows flexibility in parsing the feed: it can be loaded either into a map (keyed by UUID) or into a sequential array, depending on how the data is to be used.
More details can be found via the API documentation.
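As an added example (not code from Wordfence or from any of the projects above), the following Python script fetches one of the two feeds and parses it both ways the post describes: as a map keyed by UUID and as a flat list. Only the outer shape of the feed (a JSON object keyed by UUID, one object per vulnerability) is taken from the post; the field names inside each record (`title`, `software`, `slug`) are hypothetical placeholders, and the embedded sample feed is constructed so the script runs offline. It also validates that every key is a well-formed UUID and builds a secondary index from a software slug to the UUIDs that mention it, which is the lookup a scanner needs for each installed plugin or theme.

```python
import json
import urllib.request
import uuid

# The two public endpoints from the post (no authentication, no query parameters).
FEED_URLS = {
    "production": "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/production",
    "scanner": "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner",
}

# Constructed sample standing in for a feed download. Only the outer shape
# (root object keyed by UUID, one object per vulnerability) comes from the post;
# the field names inside each record are hypothetical placeholders.
SAMPLE_FEED = json.dumps({
    "0f0c6f7e-0000-4000-8000-000000000001": {
        "title": "Constructed Plugin <= 1.2.3 - Example Issue",
        "software": [{"slug": "constructed-plugin"}],
    },
    "0f0c6f7e-0000-4000-8000-000000000002": {
        "title": "Constructed Theme <= 2.0.0 - Example Issue",
        "software": [{"slug": "constructed-theme"}],
    },
})


def fetch_feed(name="production", timeout=120):
    """Download one feed and return its raw JSON text (needs network; not used offline)."""
    with urllib.request.urlopen(FEED_URLS[name], timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_feed(raw_json):
    """Decode the feed and validate its shape: a JSON object whose keys are UUIDs
    and whose values are objects. Returns the map keyed by UUID string."""
    root = json.loads(raw_json)
    if not isinstance(root, dict):
        raise ValueError("feed root is not a JSON object")
    records = {}
    for key, record in root.items():
        uuid.UUID(key)  # raises ValueError if the key is not a well-formed UUID
        if not isinstance(record, dict):
            raise ValueError(f"record {key} is not a JSON object")
        records[key] = record
    return records


def as_list(records):
    """Flatten the UUID-keyed map into a sequential list, copying the UUID into
    each record so the identifier survives the change of representation."""
    return [dict(record, uuid=key) for key, record in records.items()]


def by_slug(records, field="software", slug_key="slug"):
    """Secondary index from a (hypothetical) software slug to the UUIDs that
    mention it, so a scanner can look up every installed plugin or theme."""
    index = {}
    for key, record in records.items():
        for entry in record.get(field, []):
            slug = entry.get(slug_key)
            if slug:
                index.setdefault(slug, []).append(key)
    return index


if __name__ == "__main__":
    # Replace SAMPLE_FEED with fetch_feed("production") to run against the live feed.
    feed = parse_feed(SAMPLE_FEED)
    print(len(feed), "records;", sorted(by_slug(feed)))
```

Because the feeds take no parameters, the whole response is downloaded every time; a consumer that runs on a schedule should cache the response and re-parse it rather than hit the endpoint on every lookup.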
Conclusion
If you’re interested in acquiring high quality vulnerability data for use in your project, it can be a difficult and time consuming proposition. As leaders in WordPress cybersecurity, Wordfence knows that vulnerability data comes from the research community, and should therefore be a community resource. We hope these projects inspire you to create your own tools using our free Wordfence Vulnerability Data Feed API. We can’t wait to see what you come up with! Share your projects with us at wfi-support@wordfence.com.
The post Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too! appeared first on Wordfence.