欢迎来到starnight_cyber的博客

wpscan 工具使用笔记

安装

参考:https://wpscan.com/how-to-install-wpscan/

Docker
We also support Docker. Pull the repo with:

docker pull wpscanteam/wpscan

Example Docker command to enumerate usernames:

docker run -it --rm wpscanteam/wpscan --url https://example.com/ --enumerate u

我们选择直接使用 Docker 进行扫描。

获取 API Token

需要注册后获取,https://wpscan.com/register/

测试

枚举插件 wpscan --url target --plugins-detection passive --api-token your_api_token
枚举易受攻击的插件 wpscan --url target  -evp  --api-token your_api_token
快速扫描指定站点 wpscan --url target  -e  --api-token your_api_token
枚举用户名 wpscan --url target  --enumerate u  --api-token your_api_token
扫描所有主题和漏洞 wpscan --url target  --enumerate vt  --api-token your_api_token

# docker run -it --rm wpscanteam/wpscan --url https://www.xxx.io/ --api-token your_api_token -e _______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.25 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [+] URL: https://www.xxx.io/ [13.33.30.112] [+] Effective URL: https://www.xxx.io/en/ [+] Started: Fri Jun 14 10:52:45 2024 Interesting Finding(s): [+] Headers | Interesting Entries: | - server: nginx | - content-security-policy: upgrade-insecure-requests | - permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=() | - referrer-policy: strict-origin-when-cross-origin | - x-cache-group: normal | - x-cacheable: SHORT | - x-powered-by: WP Engine | - x-request-id: afb098119134d62c5252c58194270305 | - via: 1.1 4d52d2bee89a499a2c7d426aa79a8efa.cloudfront.net (CloudFront) | - x-amz-cf-pop: SIN2-P1 | - x-amz-cf-id: Hldx1XwISW_D4eLeArk8B0kIMdbeUFRrYQ6kf4TFW01eu3Kz0UiW4Q== | Found By: Headers (Passive Detection) | Confidence: 100% [+] robots.txt found: https://www.xxx.io/en/robots.txt | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [+] This site has 'Must Use Plugins': https://www.xxx.io/en/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins [+] The external WP-Cron seems to be enabled: https://www.xxx.io/en/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [+] WordPress version 6.5.4 identified (Latest, released on 2024-06-05). | Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection) | - https://www.xxx.io/en/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4 | Confirmed By: Style Etag (Aggressive Detection) | - https://www.xxx.io/en/wp-admin/load-styles.php, Match: '6.5.4' [+] WordPress theme in use: xxx-main | Location: https://www.xxx.io/en/wp-content/themes/xxx-main/ | Style URL: https://www.xxx.io/en/wp-content/themes/xxx-main/style.css?ver=1.5.1 | Style Name: xxx (Main) | Style URI: https://www.xxx.io/ | Description: A responsive, accessible WordPress theme for xxx. Developed to support WordPress version 5.5 and G... | Author: Aubs & Mugg | Author URI: https://aubsandmugg.com/ | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | Version: 1.5.1 (80% confidence) | Found By: Style (Passive Detection) | - https://www.xxx.io/en/wp-content/themes/xxx-main/style.css?ver=1.5.1, Match: 'Version: 1.5.1' [+] Enumerating Vulnerable Plugins (via Passive Methods) [+] Checking Plugin Versions (via Passive and Aggressive Methods) [i] No plugins Found. [+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods) Checking Known Locations - Time: 00:00:00 <===============================================================> (652 / 652) 100.00% Time: 00:00:00 [+] Checking Theme Versions (via Passive and Aggressive Methods) [i] No themes Found. [+] Enumerating Timthumbs (via Passive and Aggressive Methods) Checking Known Locations - Time: 00:07:27 <=============================================================> (2575 / 2575) 100.00% Time: 00:07:27 [i] No Timthumbs Found. [+] Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups - Time: 00:00:09 <================================================================> (137 / 137) 100.00% Time: 00:00:09 [i] No Config Backups Found. [+] Enumerating DB Exports (via Passive and Aggressive Methods) Checking DB Exports - Time: 00:00:13 <======================================================================> (84 / 84) 100.00% Time: 00:00:13 [i] No DB Exports Found. [+] Enumerating Medias (via Passive and Aggressive Methods) (Permalink setting must be set to "Plain" for those to be detected) Brute Forcing Attachment IDs - Time: 00:00:01 <===========================================================> (100 / 100) 100.00% Time: 00:00:01 [i] No Medias Found. [+] Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs - Time: 00:00:00 <=================================================================> (10 / 10) 100.00% Time: 00:00:00 [i] No Users Found. [+] WPScan DB API OK | Plan: free | Requests Done (during the scan): 7 | Requests Remaining: 9 [+] Finished: Fri Jun 14 11:01:14 2024 [+] Requests Done: 3642 [+] Cached Requests: 12 [+] Data Sent: 840.425 KB [+] Data Received: 5.446 MB [+] Memory used: 462.02 MB [+] Elapsed time: 00:08:29

 

posted @ 2024-06-17 11:12  starnight_cyber  阅读(108)  评论(0编辑  收藏  举报