Environment
- Ruby (2.4 was specified, but as of March 6, 2017
Installation
The latest version is on GitHub; just git clone it as usual.
It's Ruby, so run bundle install.
Commands
# Update the database first, just in case
bundle exec ruby wpscan.rb --update
# Start the scan
bundle exec ruby wpscan.rb --url www.example.com
# Enumerate usernames
bundle exec ruby wpscan.rb --url www.example.com --enumerate u
# When going through a proxy
bundle exec ruby wpscan.rb --url www.example.com --proxy http://8.8.8.8:8080 --proxy-auth user:password
Example run
thr3a:wpscan thr3a$ bundle exec wpscan.rb --url http://www.************************.net/
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.2
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
[i] Updating the Database ...
[i] Update completed.
[+] URL: http://www.************************.net/
[+] Started: Sat Mar 11 09:28:41 2017

[+] robots.txt available under: 'http://www.************************.net/robots.txt'
[!] The WordPress 'http://www.************************.net/readme.html' file exists exposing a version number
[+] Interesting header: SERVER: Apache
[+] XML-RPC Interface available under: http://www.************************.net/xmlrpc.php

[+] WordPress version 4.1.16 (Released on 2017-03-06) identified from meta generator, rss generator, rdf generator, atom generator, readme, links opml

[+] WordPress theme in use: xeory_base_20150528 - v0.1.3

[+] Name: xeory_base_20150528 - v0.1.3
 |  Location: http://www.************************.net/wp-content/themes/xeory_base_20150528/
 |  Style URL: http://www.************************.net/wp-content/themes/xeory_base_20150528/style.css
 |  Theme Name: XeoryBase_TREND
 |  Theme URI: http://xeory.jp/
 |  Description: Xeoryベーステーマ
 |  Author: バズ部
 |  Author URI: http://bazubu.com/

[+] Enumerating plugins from passive detection ...
 |  1 plugin found:

[+] Name: contact-form-7 - v4.1.2
 |  Last updated: 2017-03-03T19:29:00.000Z
 |  Location: http://www.************************.net/wp-content/plugins/contact-form-7/
 |  Readme: http://www.************************.net/wp-content/plugins/contact-form-7/readme.txt
[!] The version is out of date, the latest version is 4.7

[+] Finished: Sat Mar 11 09:28:54 2017
[+] Requests Done: 89
[+] Memory used: 55.051 MB
[+] Elapsed time: 00:00:12
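Added example (not from the original post or the WPScan project): a small Ruby script that reduces a WPScan 2.9.x text report like the one above to the items that need follow-up, namely the core version, each detected component with its outdated status, and the remaining [!] warnings. The sample report is constructed from the run above with the host replaced by example.com, and the function names are hypothetical.

```ruby
# Added example: reduce a WPScan 2.9.x text report to triage items.
# SAMPLE_REPORT is constructed from the run above (host replaced by example.com).
SAMPLE_REPORT = <<~'REPORT'
  [+] URL: http://www.example.com/
  [!] The WordPress 'http://www.example.com/readme.html' file exists exposing a version number
  [+] WordPress version 4.1.16 (Released on 2017-03-06) identified from meta generator, readme
  [+] WordPress theme in use: xeory_base_20150528 - v0.1.3

  [+] Name: xeory_base_20150528 - v0.1.3
   |  Location: http://www.example.com/wp-content/themes/xeory_base_20150528/

  [+] Name: contact-form-7 - v4.1.2
   |  Last updated: 2017-03-03T19:29:00.000Z
   |  Location: http://www.example.com/wp-content/plugins/contact-form-7/
  [!] The version is out of date, the latest version is 4.7
REPORT

# Hypothetical helper: returns the core version, detected components and warnings.
def summarize_wpscan(text)
  summary = { core_version: nil, components: [], warnings: [] }
  current = nil # component block currently being read
  text.each_line(chomp: true) do |line|
    case line
    when /^\[\+\] WordPress version (\S+)/
      summary[:core_version] = $1
    when /^\[\+\] Name: (\S+)(?: - v(\S+))?/
      current = { name: $1, version: $2, kind: nil, latest: nil }
      summary[:components] << current
    when %r{^ \|\s+Location: \S*/wp-content/(plugins|themes)/}
      current[:kind] = $1.chomp("s") if current
    when /^\[!\] The version is out of date, the latest version is (\S+)/
      current[:latest] = $1 if current # belongs to the preceding component
    when /^\[!\] (.+)$/
      summary[:warnings] << $1
    end
  end
  summary
end

def outdated_components(summary)
  summary[:components].select { |c| c[:latest] }
end

if __FILE__ == $PROGRAM_NAME
  s = summarize_wpscan(ARGV.empty? ? SAMPLE_REPORT : File.read(ARGV[0]))
  puts "WordPress core: #{s[:core_version]}"
  outdated_components(s).each { |c| puts "update #{c[:kind]} #{c[:name]}: #{c[:version]} -> #{c[:latest]}" }
  s[:warnings].each { |w| puts "warning: #{w}" }
end
```

When saving a report to feed into this script, run the scan with --no-color so the line prefixes are not wrapped in ANSI escape codes.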