wpscan使用方法

http://vipscu.blog.163.com/blog/static/18180837220122139348819/


WPScan 基本功能:

  1. Wordpress 版本检测和主题检测
  2. Wordpress 插件安全检测
  3. 密码的暴力破解
  4. 可以指定代理
  
  源码获取地址: http://code.google.com/p/wpscan/source/checkout
  
  常用命令:
--url The WordPress URL/domain to scan.

--enumerate Enumeration.

u users

v version

p plugins

t timthumb

--wordlist Supply a wordlist for the password bruter and do the brute.

--threads The number of threads to use when multi-threading requests.

--username Only brute force the supplied username.

--generate_plugin_list Generate a new data/plugins.txt file. (supply number of pages to parse)

-h This help screen.

-v Verbose output.
  
  实例:
 
   

ruby ./wpscan.rb --url www.example.com


Do wordlist password brute force on enumerated users using 50 threads...

ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50


Do wordlist password brute force on the 'admin' username only...

ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin


Generate a new 'most popular' plugin list, up to 150 pages...

ruby ./wpscan.rb --generate_plugin_list 150


Enumerate instaled plugins...

ruby ./wpscan.rb --url www.example.com --enumerate p


root@bt:/pentest/web/wpscan# ruby wpscan.rb -h

____________________________________________________
 __          _______   _____                  
 \ \        / /  __ \ / ____|                 
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1

  WordPress Security Scanner by ethicalhack3r.co.uk
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________




Help:

--url                           The WordPress URL/domain to scan.
--enumerate                     Enumeration.
u                               users
v                               version
p                               plugins
t                               timthumb
--wordlist                      Supply a wordlist for the password bruter and do the brute.
--threads                       The number of threads to use when multi-threading requests.
--username                      Only brute force the supplied username.
--generate_plugin_list          Generate a new data/plugins.txt file. (supply number of *pages* to parse)
--force                         Forces WPScan to not check if the remote site is running WordPress.
-h                              This help screen.
-v                              Verbose output.

http://wpscan.org/


https://github.com/wpscanteam/wpscan


你可能感兴趣的:(wordpress)