wpscan
Translation
wpscan
WordPress security scanner
root@kali:~# wpscan -h
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.25
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
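Usage: wpscan [options]
--url URL The URL of the blog to scan. Allowed protocols: http,
https. Default protocol if none provided: http. This option is mandatory unless update, help, hh or version is supplied
-h, --help Display the simple help and exit
--hh Display the full help and exit
--version Display the version and exit
-v, --verbose Verbose mode
--[no-]banner Whether or not to display the banner
Default: true
-o, --output FILE Output to FILE
-f, --format FORMAT Output results in the supplied format. Available choices: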
cli-no-colour,
cli-no-color,
json,
cli
--detection-mode MODE Default: mixed
Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua Use a random user agent for each scan
--http-auth login:password
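-t, --max-threads VALUE The maximum number of threads to use
Default: 5
--throttle MilliSeconds Milliseconds to wait before doing another web request.
If used, the max threads will be set to 1.
--request-timeout SECONDS The request timeout in seconds
Default: 60
--connect-timeout SECONDS The connection timeout in seconds
Default: 30
--disable-tls-checks Disables SSL/TLS certificate verification and downgrades to TLS1.0+
(the latter requires cURL 7.66)
--proxy protocol://IP:port Supported protocols depend on the cURL installed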
--proxy-auth login:password
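--cookie-string COOKIE Cookie string to use in requests,
format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH File to read and write cookies
Default: /tmp/wpscan/cookie_jar.txt
--force Do not check if the target is running WordPress or returns a 403
--[no-]update Whether or not to update the database
--api-token TOKEN The WPScan API token used to display vulnerability data,
available at https://wpscan.com/profile
--wp-content-dir DIR The wp-content directory if custom or not detected,
such as "wp-content"
--wp-plugins-dir DIR The plugins directory if custom or not detected,
such as "wp-content/plugins"
-e, --enumerate [OPTS] Enumeration process. Available choices:
vp Vulnerable plugins
ap All plugins
p Popular plugins
vt Vulnerable themes
at All themes
t Popular themes
tt Timthumbs (a PHP script for cropping images)
cb Config backups
dbe Database exports
u User IDs range.
e.g. u1-5. Range separator to use: '-'
Value if no argument supplied: 1-10
m Media IDs range. e.g. m1-15
Note: the Permalink setting must be set to "Plain" for those to be detected
Range separator to use: '-'
Value if no argument supplied: 1-100
Separator to use between the values: ','
Default: All Plugins, Config Backups. Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
Incompatible choices (only one of each group can be used):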
- vp, ap, p
- vt, at, t
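--exclude-content-based REGEXP_OR_STRING Exclude all responses matching the Regexp or string
(case insensitive) during parts of the enumeration.
Both the headers and the body are checked. Regexp delimiters are not required.
--plugins-detection MODE Use the supplied mode to enumerate plugins.
Default: passive
Available choices: mixed,
passive,
aggressive
--plugins-version-detection MODE Use the supplied mode to check plugins' versions.
Default: mixed
Available choices: mixed,
passive,
aggressive
--exclude-usernames REGEXP_OR_STRING Exclude usernames matching the Regexp/string (case insensitive).
Regexp delimiters are not required.
-P, --passwords FILE-PATH List of passwords to use during the password attack.
If no --username/s option is supplied, user enumeration will be run.
-U, --usernames LIST List of usernames to use during the password attack.
Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD Maximum number of passwords to send per request with XMLRPC multicall
Default: 500
--password-attack ATTACK Force the supplied attack to be used rather than automatically determining one.
Multicall only works against WP < 4.4
Available choices: wp-login,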
xmlrpc,
xmlrpc-multicall
--login-uri URI The URI of the login page; the default is /wp-login.php
--stealthy Alias for --random-user-agent
--detection-mode passive
--plugins-version-detection passive
(sets all three of the above options at once)
[!] To see the full list of options, use --hh.
Original
wpscan
WordPress Security Scanner
root@kali:~# wpscan -h
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.25
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
Usage: wpscan [options]
--url URL The URL of the blog to scan
Allowed Protocols: http, https
Default Protocol if none provided: http
This option is mandatory unless update or help or hh or version is/are supplied
-h, --help Display the simple help and exit
--hh Display the full help and exit
--version Display the version and exit
-v, --verbose Verbose mode
--[no-]banner Whether or not to display the banner
Default: true
-o, --output FILE Output to FILE
-f, --format FORMAT Output results in the format supplied
Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode MODE Default: mixed
Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads VALUE The max threads to use
Default: 5
--throttle MilliSeconds Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
--request-timeout SECONDS The request timeout in seconds
Default: 60
--connect-timeout SECONDS The connection timeout in seconds
Default: 30
--disable-tls-checks Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string COOKIE Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH File to read and write cookies
Default: /tmp/wpscan/cookie_jar.txt
--force Do not check if the target is running WordPress or returns a 403
--[no-]update Whether or not to update the Database
--api-token TOKEN The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
--wp-content-dir DIR The wp-content directory if custom or not detected, such as "wp-content"
--wp-plugins-dir DIR The plugins directory if custom or not detected, such as "wp-content/plugins"
-e, --enumerate [OPTS] Enumeration Process
Available Choices:
vp Vulnerable plugins
ap All plugins
p Popular plugins
vt Vulnerable themes
at All themes
t Popular themes
tt Timthumbs
cb Config backups
dbe Db exports
u User IDs range. e.g: u1-5
Range separator to use: '-'
Value if no argument supplied: 1-10
m Media IDs range. e.g m1-15
Note: Permalink setting must be set to "Plain" for those to be detected
Range separator to use: '-'
Value if no argument supplied: 1-100
Separator to use between the values: ','
Default: All Plugins, Config Backups
Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
Incompatible choices (only one of each group/s can be used):
- vp, ap, p
- vt, at, t
--exclude-content-based REGEXP_OR_STRING Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
Both the headers and body are checked. Regexp delimiters are not required.
--plugins-detection MODE Use the supplied mode to enumerate Plugins.
Default: passive
Available choices: mixed, passive, aggressive
--plugins-version-detection MODE Use the supplied mode to check plugins' versions.
Default: mixed
Available choices: mixed, passive, aggressive
--exclude-usernames REGEXP_OR_STRING Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
-P, --passwords FILE-PATH List of passwords to use during the password attack.
If no --username/s option supplied, user enumeration will be run.
-U, --usernames LIST List of usernames to use during the password attack.
Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD Maximum number of passwords to send by request with XMLRPC multicall
Default: 500
--password-attack ATTACK Force the supplied attack to be used rather than automatically determining one.
Multicall will only work against WP < 4.4
Available choices: wp-login, xmlrpc, xmlrpc-multicall
--login-uri URI The URI of the login page if different from /wp-login.php
--stealthy Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive
[!] To see full list of options use --hh.
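
Because `--multicall-max-passwords` packs up to 500 guesses into one request, per-request login rate limits undercount them; this added example (not part of wpscan or of the original page) counts the inner calls of a `system.multicall` body so a WAF rule or log pipeline can flag it. The function names, the threshold of 5 and the constructed sample request (built around the WordPress XML-RPC method `wp.getUsersBlogs`) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

THRESHOLD = 5  # assumed alert threshold: inner calls to one method per request
INNER_CALLS = "params/param/value/array/data/value/struct"


def multicall_methods(body: str) -> Counter:
    """Count the inner method names of one XML-RPC system.multicall body."""
    # Refuse DTD/entity declarations before parsing untrusted XML.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(body)
    if root.tag != "methodCall" or root.findtext("methodName") != "system.multicall":
        return Counter()
    counts = Counter()
    for struct in root.findall(INNER_CALLS):
        for member in struct.findall("member"):
            if member.findtext("name") == "methodName":
                # <string> is optional in XML-RPC; a bare <value> is a string.
                name = member.findtext("value/string") or member.findtext("value") or ""
                counts[name.strip()] += 1
    return counts


def is_suspicious(body: str, threshold: int = THRESHOLD) -> bool:
    """True when one request repeats a single method more than `threshold` times."""
    return any(n > threshold for n in multicall_methods(body).values())


def sample_body(n: int) -> str:
    """Constructed test input (not captured traffic): n calls in one request."""
    call = (
        "<value><struct><member><name>methodName</name>"
        "<value><string>wp.getUsersBlogs</string></value></member>"
        "<member><name>params</name><value><array><data>"
        "<value><string>user</string></value><value><string>guess{}</string></value>"
        "</data></array></value></member></struct></value>"
    )
    return (
        "<methodCall><methodName>system.multicall</methodName>"
        "<params><param><value><array><data>"
        + "".join(call.format(i) for i in range(n))
        + "</data></array></value></param></params></methodCall>"
    )


if __name__ == "__main__":
    for n in (2, 500):
        print(n, dict(multicall_methods(sample_body(n))), is_suspicious(sample_body(n)))
```

Feed it the raw POST body of requests to the XML-RPC endpoint; an ordinary single-method call returns an empty count and is never flagged.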