WPSeku:用于WordPress漏洞扫描的安全工具
- 发表于
- 安全工具
WPSeku介绍
WPSeku是一个黑盒WordPress漏洞扫描程序,可用于扫描WordPress的安全性,并查找漏洞,感觉和wpscan有点像,但介绍说WPSeku的想法来源于wpscan,那应该在某些方面有所突破吧。
WPSeku安装
1 2 3 4 |
$ git clone https://github.com/m4ll0k/WPSeku.git wpseku $ cd wpseku $ pip3 install -r requirements.txt $ python3 wpseku.py |
WPSeku使用
通用漏洞扫描
python3 wpseku.py --url https://www.xxxxxxx.com --verbose
暴力破解登录
python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose
这里你应该发现了,它支持字典挂载,你可以尽情发挥。
扫描插件,主题和wordpress代码漏洞
python3 wpseku.py --scan <dir/file> --verbose
输出信息如
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
---------------------------------------- _ _ _ ___ ___ ___| |_ _ _ | | | | . |_ -| -_| '_| | | |_____| _|___|___|_,_|___| |_| v0.4.0 WPSeku - Wordpress Security Scanner by Momo Outaadi (m4ll0k) ---------------------------------------- [ + ] Target: https://www.xxxxxxx.com [ + ] Starting: 02:38:51 [ + ] Server: Apache [ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php [ i ] Checking Full Path Disclosure... [ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php [ i ] Checking wp-config backup file... [ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php [ i ] Checking common files... [ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt [ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php [ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html [ i ] Checking directory listing... [ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/ [ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/ [ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/ [ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/ ...... |
原文连接:WPSeku:用于WordPress漏洞扫描的安全工具
所有媒体,可在保留署名、
原文连接
的情况下转载,若非则不得使用我方内容。