Welcome to starnight_cyber's blog

WPScan usage notes

Installation

Reference: https://wpscan.com/how-to-install-wpscan/

Docker
We also support Docker. Pull the repo with:

docker pull wpscanteam/wpscan

Example Docker command to enumerate usernames:

docker run -it --rm wpscanteam/wpscan --url https://example.com/ --enumerate u

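We choose to run the scans directly with Docker.

Getting an API token

You need to register to obtain one: https://wpscan.com/register/

Testing

Enumerate plugins (passive detection): wpscan --url target --plugins-detection passive --api-token your_api_token
Enumerate vulnerable plugins: wpscan --url target -e vp --api-token your_api_token
Quick scan of the specified site: wpscan --url target -e --api-token your_api_token
Enumerate usernames: wpscan --url target --enumerate u --api-token your_api_token
Scan themes for known vulnerabilities (vt = vulnerable themes): wpscan --url target --enumerate vt --api-token your_api_token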

# docker run -it --rm wpscanteam/wpscan --url https://www.xxx.io/ --api-token your_api_token -e
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.25
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://www.xxx.io/ [13.33.30.112]
[+] Effective URL: https://www.xxx.io/en/
[+] Started: Fri Jun 14 10:52:45 2024

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - server: nginx
 |  - content-security-policy: upgrade-insecure-requests
 |  - permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
 |  - referrer-policy: strict-origin-when-cross-origin
 |  - x-cache-group: normal
 |  - x-cacheable: SHORT
 |  - x-powered-by: WP Engine
 |  - x-request-id: afb098119134d62c5252c58194270305
 |  - via: 1.1 4d52d2bee89a499a2c7d426aa79a8efa.cloudfront.net (CloudFront)
 |  - x-amz-cf-pop: SIN2-P1
 |  - x-amz-cf-id: Hldx1XwISW_D4eLeArk8B0kIMdbeUFRrYQ6kf4TFW01eu3Kz0UiW4Q==
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://www.xxx.io/en/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] This site has 'Must Use Plugins': https://www.xxx.io/en/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://www.xxx.io/en/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.5.4 identified (Latest, released on 2024-06-05).
 | Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
 |  - https://www.xxx.io/en/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4
 | Confirmed By: Style Etag (Aggressive Detection)
 |  - https://www.xxx.io/en/wp-admin/load-styles.php, Match: '6.5.4'

[+] WordPress theme in use: xxx-main
 | Location: https://www.xxx.io/en/wp-content/themes/xxx-main/
 | Style URL: https://www.xxx.io/en/wp-content/themes/xxx-main/style.css?ver=1.5.1
 | Style Name: xxx (Main)
 | Style URI: https://www.xxx.io/
 | Description: A responsive, accessible WordPress theme for xxx. Developed to support WordPress version 5.5 and G...
 | Author: Aubs & Mugg
 | Author URI: https://aubsandmugg.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 | Confirmed By: Css Style In 404 Page (Passive Detection)
 |
 | Version: 1.5.1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://www.xxx.io/en/wp-content/themes/xxx-main/style.css?ver=1.5.1, Match: 'Version: 1.5.1'

[+] Enumerating Vulnerable Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] No plugins Found.

[+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods)
 Checking Known Locations - Time: 00:00:00 <===============================================================> (652 / 652) 100.00% Time: 00:00:00
[+] Checking Theme Versions (via Passive and Aggressive Methods)

[i] No themes Found.

[+] Enumerating Timthumbs (via Passive and Aggressive Methods)
 Checking Known Locations - Time: 00:07:27 <=============================================================> (2575 / 2575) 100.00% Time: 00:07:27

[i] No Timthumbs Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:09 <================================================================> (137 / 137) 100.00% Time: 00:00:09

[i] No Config Backups Found.

[+] Enumerating DB Exports (via Passive and Aggressive Methods)
 Checking DB Exports - Time: 00:00:13 <======================================================================> (84 / 84) 100.00% Time: 00:00:13

[i] No DB Exports Found.

[+] Enumerating Medias (via Passive and Aggressive Methods) (Permalink setting must be set to "Plain" for those to be detected)
 Brute Forcing Attachment IDs - Time: 00:00:01 <===========================================================> (100 / 100) 100.00% Time: 00:00:01

[i] No Medias Found.

[+] Enumerating Users (via Passive and Aggressive Methods)
 Brute Forcing Author IDs - Time: 00:00:00 <=================================================================> (10 / 10) 100.00% Time: 00:00:00

[i] No Users Found.

[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 7
 | Requests Remaining: 9

[+] Finished: Fri Jun 14 11:01:14 2024
[+] Requests Done: 3642
[+] Cached Requests: 12
[+] Data Sent: 840.425 KB
[+] Data Received: 5.446 MB
[+] Memory used: 462.02 MB
[+] Elapsed time: 00:08:29
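The scan output above mixes passive and aggressive detections with different confidence levels and ends with the free-plan API quota. The following is an added example, not part of the original post or of WPScan itself: it parses text in that format to list the findings that need manual verification and the remaining API requests. The sample lines are constructed from the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the WPScan CLI output shown above.
SAMPLE = """\
[+] robots.txt found: https://www.xxx.io/en/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%
[+] This site has 'Must Use Plugins': https://www.xxx.io/en/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
[+] The external WP-Cron seems to be enabled: https://www.xxx.io/en/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 7
 | Requests Remaining: 9
"""

FOUND_BY = re.compile(r"\|\s*Found By: (.+) \((Passive|Aggressive) Detection\)")
CONFIDENCE = re.compile(r"\|\s*Confidence: (\d+)%")
REMAINING = re.compile(r"\|\s*Requests Remaining: (\d+)")

def parse_scan(text):
    """Return (findings, api_requests_remaining) from WPScan CLI text output."""
    findings, remaining, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[+] "):
            current = {"title": line[4:], "found_by": None, "mode": None, "confidence": None}
            findings.append(current)
        elif current and (m := FOUND_BY.search(line)):
            current["found_by"], current["mode"] = m.group(1), m.group(2).lower()
        elif current and (m := CONFIDENCE.search(line)):
            current["confidence"] = int(m.group(1))
        elif m := REMAINING.search(line):
            remaining = int(m.group(1))
    # Keep only blocks that carry detection metadata (drops status lines).
    return [f for f in findings if f["found_by"]], remaining

def needs_manual_check(findings, threshold=100):
    """Titles of findings reported below the confidence threshold."""
    return [f["title"] for f in findings if f["confidence"] is not None and f["confidence"] < threshold]

if __name__ == "__main__":
    found, left = parse_scan(SAMPLE)
    for f in found:
        print(f'{f["confidence"]:>3}%  {f["mode"]:<10}  {f["title"]}')
    print("API requests remaining:", left)
```

With the free plan shown above, a low remaining count means later scans will finish without vulnerability data until the quota resets, so it is worth checking before relying on a "nothing found" result.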

 

posted @ 2024-06-17 11:12  starnight_cyber