安装
参考:https://wpscan.com/how-to-install-wpscan/
Docker We also support Docker. Pull the repo with: docker pull wpscanteam/wpscan Example Docker command to enumerate usernames: docker run -it --rm wpscanteam/wpscan --url https://example.com/ --enumerate u
我们选择直接使用 Docker 进行扫描。
获取 API Token
需要注册后获取,https://wpscan.com/register/
测试
枚举插件 | wpscan --url target --plugins-detection passive --api-token your_api_token |
枚举易受攻击的插件 | wpscan --url target -evp --api-token your_api_token |
快速扫描指定站点 | wpscan --url target -e --api-token your_api_token |
枚举用户名 | wpscan --url target --enumerate u --api-token your_api_token |
扫描所有主题和漏洞 | wpscan --url target --enumerate vt --api-token your_api_token |
# docker run -it --rm wpscanteam/wpscan --url https://www.xxx.io/ --api-token your_api_token -e _______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.25 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [+] URL: https://www.xxx.io/ [13.33.30.112] [+] Effective URL: https://www.xxx.io/en/ [+] Started: Fri Jun 14 10:52:45 2024 Interesting Finding(s): [+] Headers | Interesting Entries: | - server: nginx | - content-security-policy: upgrade-insecure-requests | - permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=() | - referrer-policy: strict-origin-when-cross-origin | - x-cache-group: normal | - x-cacheable: SHORT | - x-powered-by: WP Engine | - x-request-id: afb098119134d62c5252c58194270305 | - via: 1.1 4d52d2bee89a499a2c7d426aa79a8efa.cloudfront.net (CloudFront) | - x-amz-cf-pop: SIN2-P1 | - x-amz-cf-id: Hldx1XwISW_D4eLeArk8B0kIMdbeUFRrYQ6kf4TFW01eu3Kz0UiW4Q== | Found By: Headers (Passive Detection) | Confidence: 100% [+] robots.txt found: https://www.xxx.io/en/robots.txt | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [+] This site has 'Must Use Plugins': https://www.xxx.io/en/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins [+] The external WP-Cron seems to be enabled: https://www.xxx.io/en/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [+] WordPress version 6.5.4 identified (Latest, released on 2024-06-05). | Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection) | - https://www.xxx.io/en/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4 | Confirmed By: Style Etag (Aggressive Detection) | - https://www.xxx.io/en/wp-admin/load-styles.php, Match: '6.5.4' [+] WordPress theme in use: xxx-main | Location: https://www.xxx.io/en/wp-content/themes/xxx-main/ | Style URL: https://www.xxx.io/en/wp-content/themes/xxx-main/style.css?ver=1.5.1 | Style Name: xxx (Main) | Style URI: https://www.xxx.io/ | Description: A responsive, accessible WordPress theme for xxx. Developed to support WordPress version 5.5 and G... | Author: Aubs & Mugg | Author URI: https://aubsandmugg.com/ | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | Version: 1.5.1 (80% confidence) | Found By: Style (Passive Detection) | - https://www.xxx.io/en/wp-content/themes/xxx-main/style.css?ver=1.5.1, Match: 'Version: 1.5.1' [+] Enumerating Vulnerable Plugins (via Passive Methods) [+] Checking Plugin Versions (via Passive and Aggressive Methods) [i] No plugins Found. [+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods) Checking Known Locations - Time: 00:00:00 <===============================================================> (652 / 652) 100.00% Time: 00:00:00 [+] Checking Theme Versions (via Passive and Aggressive Methods) [i] No themes Found. [+] Enumerating Timthumbs (via Passive and Aggressive Methods) Checking Known Locations - Time: 00:07:27 <=============================================================> (2575 / 2575) 100.00% Time: 00:07:27 [i] No Timthumbs Found. [+] Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups - Time: 00:00:09 <================================================================> (137 / 137) 100.00% Time: 00:00:09 [i] No Config Backups Found. [+] Enumerating DB Exports (via Passive and Aggressive Methods) Checking DB Exports - Time: 00:00:13 <======================================================================> (84 / 84) 100.00% Time: 00:00:13 [i] No DB Exports Found. [+] Enumerating Medias (via Passive and Aggressive Methods) (Permalink setting must be set to "Plain" for those to be detected) Brute Forcing Attachment IDs - Time: 00:00:01 <===========================================================> (100 / 100) 100.00% Time: 00:00:01 [i] No Medias Found. [+] Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs - Time: 00:00:00 <=================================================================> (10 / 10) 100.00% Time: 00:00:00 [i] No Users Found. [+] WPScan DB API OK | Plan: free | Requests Done (during the scan): 7 | Requests Remaining: 9 [+] Finished: Fri Jun 14 11:01:14 2024 [+] Requests Done: 3642 [+] Cached Requests: 12 [+] Data Sent: 840.425 KB [+] Data Received: 5.446 MB [+] Memory used: 462.02 MB [+] Elapsed time: 00:08:29
标签:00,--,xxx,笔记,Passive,wpscan,https,工具 From: https://www.cnblogs.com/Hi-blog/p/18252003/wpscan