【Kali Linux工具篇】wpscan的基本介绍与使用

介绍

WPScan是Kali Linux默认自带的一款漏洞扫描工具,它采用Ruby编写,能够扫描WordPress网站中的多种安全漏洞,其中包括主题漏洞、插件漏洞和WordPress本身的漏洞。最新版本WPScan的数据库中包含超过18000种插件漏洞和2600种主题漏洞,并且支持最新版本的WordPress。值得注意的是,它不仅能够扫描类似robots.txt这样的敏感文件,而且还能够检测当前已启用的插件和其他功能。

主要参数

参数说明
-h帮助
–url扫描站点
–update更新版本
-e vp扫描插件漏洞
-e ap扫描所有插件
-e p扫描留下插件
-e vt扫描主题漏洞
-e at扫描所有主题
-e t扫描流行主题
-U爆破指定的用户名列表
-P爆破指定的密码列表
–api-token token值扫描主题、插件漏洞时需要用到

工具使用

1、默认扫描站点
在这里插入图片描述

扫描插件

└─# wpscan --url  https://www.521daima.com/ -e p
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://www.521daima.com/ [124.220.44.19]
[+] Started: Mon May 13 01:54:07 2024

Interesting Finding(s):

[+] Headers
 | Interesting Entry: server: nginx
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://www.521daima.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://www.521daima.com/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://www.521daima.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://www.521daima.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.4.4 identified (Outdated, released on 2024-04-09).
 | Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
 |  - https://www.521daima.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.4
 | Confirmed By: Rss Generator (Aggressive Detection)
 |  - https://www.521daima.com/feed/, <generator>https://wordpress.org/?v=6.4.4</generator>
 |  - https://www.521daima.com/comments/feed/, <generator>https://wordpress.org/?v=6.4.4</generator>

[+] WordPress theme in use: zibll
 | Location: https://www.521daima.com/wp-content/themes/zibll/
 | Style URL: https://www.521daima.com/wp-content/themes/zibll/style.css
 | Style Name: 子比主题
 | Style URI: https://www.zibll.com
 | Description: Zibll 子比主题专为商城、论坛、圈子博客、自媒体、资讯类的网站设计开发▒...
 | Author: 瑞浩网络-Qinver
 | Author URI: https://www.zibll.com
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 7.1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://www.521daima.com/wp-content/themes/zibll/style.css, Match: 'Version: 7.1'

[+] Enumerating Most Popular Plugins (via Passive Methods)

可以看到该站点使用的是zibll

扫描主题漏洞

wpscan规定扫描漏洞时,需要带上token值,才能显示出漏洞。
不带token值,不显示漏洞信息,报如下提示:
token 获取方式 https://wpscan.com/ 注册后,会获得免费的token

 wpscan --url  https://www.521daima.com/  --api-token aCiRr1E5Bdk4r9XTywvotguncaaDFQSdlN9gcc9S3v4  -e vt
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________


····
····
[+] The external WP-Cron seems to be enabled: 
[+] WordPress version 6.4.4 identified (Outdated, released on 2024-04-09).
 | Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
 |  - https://www.521daima.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.4
 | Confirmed By: Rss Generator (Aggressive Detection)
 |  - https://www.521daima.com/feed/, <generator>https://wordpress.org/?v=6.4.4</generator>
 |  - https://www.521daima.com/comments/feed/, <generator>https://wordpress.org/?v=6.4.4</generator>

[+] WordPress theme in use: zibll
 | Location: https://www.521daima.com/wp-content/themes/zibll/
 | Style URL: https://www.521daima.com/wp-content/themes/zibll/style.css
 | Style Name: 子比主题
 | Style URI: https://www.zibll.com
 | Description: Zibll 子比主题专为商城、论坛、圈子博客、自媒体、资讯类的网站设计开发▒...
 | Author: 瑞浩网络-Qinver
 | Author URI: https://www.zibll.com
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 7.1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://www.521daima.com/wp-content/themes/zibll/style.css, Match: 'Version: 7.1'

[+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods)
 Checking Known Locations - Time: 00:04:04 <===========================================================> (652 / 652) 100.00% Time: 00:04:04
[+] Checking Theme Versions (via Passive and Aggressive Methods)

[i] No themes Found.

[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 2
 | Requests Remaining: 21

[+] Finished: Mon May 13 02:02:34 2024
[+] Requests Done: 658
[+] Cached Requests: 46
[+] Data Sent: 202.294 KB
[+] Data Received: 256.026 KB
[+] Memory used: 236.398 MB
[+] Elapsed time: 00:04:11

枚举用户名

 wpscan --url  https://www.521daima.com/    -e u
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

···
···
[i] User(s) Identified:

[+] 1
 | Found By: Author Posts - Author Pattern (Passive Detection)
 | Confirmed By:
 |  Author Sitemap (Aggressive Detection)
 |   - https://www.521daima.com/wp-sitemap-users-1.xml
 |  Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] admin
 | Found By: Wp Json Api (Aggressive Detection)
 |  - https://www.521daima.com/wp-json/wp/v2/users/?per_page=100&page=1

得到用户名admin

爆破密码

wpscan --url https://www.521daima.com/ -U admin -P /usr/share/wordlists/rockyou.txt

wpscan --url  https://www.521daima.com/  -U admin -P /usr/share/wordlists/rockyou.txt
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

···
···

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:46 <============================================================> (137 / 137) 100.00% Time: 00:00:46

[i] No Config Backups Found.

[+] Performing password attack on Xmlrpc against 1 user/s
Trying admin / peaches Time: 00:01:45 <                                                            > (238 / 14344392)  0.00%  ETA: ??:??:??

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/622685.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

力扣【旋转函数】python

如果直接用暴力的话&#xff0c;只能过4个样例好像&#xff0c;超时 因此得用递推公式 F1F0前n-1个数-(n-1)*第n个数 F0sum(nums)-n*第n个数 nlen(nums) ans[]#定义一个存最大值值的列表 ss sum(nums) dm 0 for j in range(n):dm j * nums[j] ans.append(dm) print(dm) n…

MinIO学习笔记

MINIO干什么用的&#xff1a; AI数据基础设施的对象存储 为人工智能系统提供数据支持&#xff0c;数据存储&#xff1b;对象存储&#xff08;Object Storage&#xff09;是一种数据存储架构&#xff0c;它以对象为单位来处理、存储和检索数据&#xff0c;每个对象都包含了数据本…

GitHub和huggingface镜像网站

GitHub镜像网站 gitclone 如果网络原因打不开GitHub的话&#xff0c;可以用这个网站进行克隆项目&#xff0c;将克隆代码修改一下 git clone https://github.com/comfyanonymous/ComfyUI.git 修改 git clone https://gitclone.com/github.com/comfyanonymous/ComfyUI.git 这个…

JSON在线解析及格式化验证 - JSON.cn网站

JSON在线解析及格式化验证 - JSON.cn https://www.json.cn/

docker八大架构之应用服务集群架构

应用服务集群架构 在之前&#xff0c;一个应用层要负责所有的用户操作&#xff0c;但是有时用户增加后就会导致供不应求的现象&#xff08;单个应用不足以支持海量的并发请求&#xff0c;高并发的时候站点响应变慢&#xff09;&#xff0c;这时就需要增加应用层服务器&#xf…

自动驾驶占据感知的综述:信息融合视角

24年5月香港理工的论文“A Survey on Occupancy Perception for Autonomous Driving: The Information Fusion Perspective“。 3D 占据感知技术旨在观察和理解自动驾驶车辆的密集 3D 环境。该技术凭借其全面的感知能力&#xff0c;正在成为自动驾驶感知系统的发展趋势&#x…

简单实现---基于STL的演讲比赛流程管理系统(C++实现)

前言 事先声明&#xff1a;本文章中编写的代码仅用于学习算法思想和编写基础形式使用&#xff0c;并未进行太多的代码优化&#xff0c;因此&#xff0c;若需要对代码进行优化以及异常处理的小伙伴们&#xff0c;可自行添加相关操作&#xff0c;谢谢&#xff01; 一、题…

绘图软件 excalidraw 部署流程 [ Ubuntu 22.4已验证 ]

文章目录 前置一、修改DNS二、添加docker 镜像三、pull excalidraw/excalidraw四、启动一个docker五、访问 简介&#xff1a;这篇文章介绍的是一份开源的绘图软件的部署过程 前置 安装docker&#xff1a;Ubuntu 系统&#xff0c;Docker 安装步骤 [Ubuntu 22.4已验证] 其他系…

回炉重造java----JVM

为什么要使用JVM ①一次编写&#xff0c;到处运行&#xff0c;jvm屏蔽字节码与底层的操作差异 ②自动内存管理&#xff0c;垃圾回收功能 ③数组下边越界检查 ④多态 JDK&#xff0c;JRE&#xff0c;JVM的关系 JVM组成部分 JVM的内存结构 《一》程序计数器(PC Register) 作用…

谷歌Gboard应用的语言模型创新:提升打字体验的隐私保护技术

每周跟踪AI热点新闻动向和震撼发展 想要探索生成式人工智能的前沿进展吗&#xff1f;订阅我们的简报&#xff0c;深入解析最新的技术突破、实际应用案例和未来的趋势。与全球数同行一同&#xff0c;从行业内部的深度分析和实用指南中受益。不要错过这个机会&#xff0c;成为AI领…

浦语大模型笔记

书生浦语大模型全链路开源体系 浦语大模型全链路开源体系大模型成为发展通用人工智能的重要途径书生浦语 2.0&#xff08;InternLM2&#xff09;核心理念书生浦语 2.0&#xff08;InternLM2&#xff09;的主要亮点主要亮点 1&#xff1a;超长上下文支持主要亮点 2&#xff1a;性…

网络库-libevent介绍

1.简介 libevent是一个事件驱动的网络库&#xff0c;主要用于构建可扩展的网络服务器。它提供了跨平台的API&#xff0c;支持多种事件通知机制&#xff0c;如select、poll、epoll、kqueue等。 主要组件 event: 表示一个具体的事件&#xff0c;包括事件类型、事件回调等。eve…

大模型管理工具:SWIFT

目录 一、SWIFT 介绍 二、SWIFT 安装 2.0 配置环境(可选) 2.1 使用pip进行安装 2.2 源代码安装 2.3 启动 WEB-UI 三、部署模型 3.0 deploy命令参数 3.1 原始模型 3.2 微调后模型 一、SWIFT 介绍 SWIFT&#xff08;Scalable lightWeight Infrastructure for Fine-Tuni…

golang创建式设计模式------单例模式

目录导航 1.单例模式1)什么是单例模式 2)使用场景3)实现方式1.懒汉式单例模式2.饿汉式3.双重检查式4.sysc.Once式 4)实践案例5)优缺点分析 1.单例模式 1)什么是单例模式 单例模式(Singleton Pattern)是一种常用的设计模式。单例模式的类提供了一种访问其唯一对象的方法&#…

UML快速入门篇

目录 1. UML概述 2. 类的表示 2.1. 类的表示 2.2. 抽象类的表示 2.3. 接口的表示 3. 类的属性&#xff0c;方法&#xff0c;访问权限的表示 3.1. 类的属性 3.2. 类的方法 3.3. 类的权限 4. 类的关联 4.1. 单向关联 4.2. 双向关联 4.3. 自关联 4.4. 类的聚合 4.5.…

sipeed 的 MaixCam显示图片

WiFi联网后&#xff0c;把固件升级到最新 一根tpyc-c连接线为MaixCam供电&#xff0c;点击液晶屏settings 在WiFi中设置确保联网&#xff0c;在更新MaixPy中升级固件 可以选择国内源加速&#xff0c;将固件升级到最新版 MaixVision的操作 1&#xff0c;在MaixVision左下角…

C语言(指针)6

Hi~&#xff01;这里是奋斗的小羊&#xff0c;很荣幸各位能阅读我的文章&#xff0c;诚请评论指点&#xff0c;关注收藏&#xff0c;欢迎欢迎~~ &#x1f4a5;个人主页&#xff1a;小羊在奋斗 &#x1f4a5;所属专栏&#xff1a;C语言 本系列文章为个人学习笔记&#x…

StackQueue+泛型简单理解

&#x1f341; 个人主页&#xff1a;爱编程的Tom&#x1f4ab; 本篇博文收录专栏&#xff1a;Java专栏&#x1f449; 目前其它专栏&#xff1a;c系列小游戏 c语言系列--万物的开始_ &#x1f389; 欢迎 &#x1f44d;点赞✍评论⭐收藏&#x1f496;三连支持一…

新的语言学习系统: 记忆镶嵌

摘要 记忆镶嵌是由多个关联记忆网络协同工作来完成感兴趣的预测任务。与transformer类似,记忆镶嵌具有组合能力和上下文学习能力。与transformer不同,记忆镶嵌以相对透明的方式实现这些能力。该研究在玩具示例上展示了这些能力,并且还表明记忆镶嵌在中等规模语言建模任务上的表…

JVM调优:JVM运行时数据区详解

一、前言 Java运行时数据区域划分&#xff0c;Java虚拟机在执行Java程序时&#xff0c;将其所管理的内存划分为不同的数据区域&#xff0c;每个区域都有特定的用途和创建销毁的时间。 其中&#xff0c;有些区域在虚拟机进程启动时就存在&#xff0c;而有些区域则是随着用户线程…