WPvSCAN – Scan WordPress CMS and Plugin Versions

2021-06-11 10:52:10 Author: mp.weixin.qq.com




Source: Khan Security Attack and Defense Lab (Khan安全攻防实验室)


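WPvSCAN scans the WordPress CMS version running on a target website and compares it with the latest release. It then offers the option of listing all known vulnerabilities for that version with Offensive Security's SearchSploit tool.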


Usage

python3 wpvscan.py -t target.com

Dependencies

pip install -r requirements.txt


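The whole script is written in Python 3.7, which is recommended for best functionality. It may not work properly on older versions. Python can be downloaded free of charge for all platforms from the official website.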


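The script can look up known exploits for the WordPress version it finds by calling SearchSploit, which can be installed from its official GitHub repository.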


#!/usr/bin/env python3
# Name: WPvSCAN
# https://github.com/cyb3rd3s/WPvSCAN
# Author: Roman Kulich @ 2020
# Version: v1.0.6
import argparse
import re
import subprocess
import sys

import bs4 as bs
import requests

TGREEN = '\033[32m'  # Green text
TWHITE = '\033[37m'  # White text
TRED = '\033[31m'    # Red text
TYELL = '\033[33m'   # Yellow text

# Raw string so the backslashes in the banner are not read as escape sequences
print(r'''
__          _______         _____   _____          _   _
\ \        / /  __ \       / ____|/ ____|   /\   | \ | |
 \ \  /\  / /| |__) |_   _| (___ | |       /  \  |  \| |
  \ \/  \/ / |  ___/\ \ / /\___ \| |      / /\ \ | . ` |
   \  /\  /  | |     \ V / ____) | |____ / ____ \| |\  |
    \/  \/   |_|      \_/ |_____/ \_____/_/    \_\_| \_|
                                                  v1.0.6''')

parser = argparse.ArgumentParser()
parser.add_argument("-t", help="target url", dest='domain')
args = parser.parse_args()

website = args.domain
if website is None:
    print(TRED + 'Missing target! ==>', TWHITE + TGREEN + 'Usage: python3 wpvscan.py -t target.com', TWHITE)
    print()
    sys.exit()

# Remove http:// or https:// to prevent errors. str.strip() removes a set of
# characters rather than a prefix and would also eat leading letters of the host.
for prefix in ('https://', 'http://'):
    if website.startswith(prefix):
        website = website[len(prefix):]
website = website.rstrip('/')

# Latest released WordPress version, from the official version-check API
response = requests.get('https://api.wordpress.org/core/version-check/1.7/', timeout=10)
WP_now = str(response.json()['offers'][0]['version'])

WP_pars = None
for scheme in ('http://', 'https://'):  # Try http first, then https
    url = scheme + website
    try:
        # Temporary solution how to determine, if website is running on WordPress :)
        WPcheck = requests.get(url + '/wp-admin', timeout=10)
        if WPcheck.status_code != 200:
            continue
        source = requests.get(url, timeout=10).text
    except requests.RequestException:
        continue
    soup = bs.BeautifulSoup(source, 'lxml')
    WP_check = soup.find(attrs={'name': 'generator'})
    if WP_check is not None and WP_check.get('content'):
        WP_pars = WP_check['content']  # e.g. "WordPress 5.7.2"
        break

# Accept only "WordPress <digits and dots>"; a missing or unexpected generator
# tag is treated the same as a site that is not running WordPress.
match = re.match(r'(WordPress) (\d+(?:\.\d+)*)', WP_pars or '')
if match is None:
    print(TRED, "Website is not running on WordPress!", TWHITE)
    print("")
    sys.exit()
WP_name, WP_version = match.groups()

print(" ")
if WP_version == WP_now:
    print(TGREEN + "[+]", TWHITE + "Target website " + website + " is running on CMS " + WP_name + " of version " + TGREEN + WP_version, TWHITE)
else:
    print(TRED + "[!]", TWHITE + "Target website " + website + " is running on CMS " + WP_name + " of version " + TRED + WP_version, TWHITE)
print(TGREEN + "[+]", TWHITE + "Latest version is " + TGREEN + WP_now, TWHITE)

searchsploit = input("Do you want to use searchsploit to check exploits for this version? (y/n) ")
if searchsploit == "y":
    print(" ")
    # The generator string comes from the remote site, so it is passed as
    # separate arguments without a shell instead of being concatenated into
    # a command line.
    subprocess.run(["searchsploit", WP_name, WP_version])
else:
    print(TGREEN + "Finished", TWHITE)
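
The version check that the script performs on the generator meta tag, as an added example that is not part of WPvSCAN or the original article: it parses the tag with the standard library, accepts only a strict `WordPress x.y[.z]` value because the tag is controlled by the remote site, and compares versions numerically instead of by string equality. The sample pages, the helper names and the latest version `5.10` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Strict pattern: anything else in the remote-controlled tag is rejected.
GENERATOR_RE = re.compile(r"WordPress (\d+(?:\.\d+){1,2})")


class GeneratorParser(HTMLParser):
    """Collects the content of the first <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generator = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            if self.generator is None:
                self.generator = attrs.get("content") or ""


def version_tuple(version):
    """'5.7.2' -> (5, 7, 2); '5.8' -> (5, 8, 0), so 5.10 sorts after 5.9."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(html, latest):
    """Return (status, version) for one page of HTML."""
    parser = GeneratorParser()
    parser.feed(html)
    if parser.generator is None:
        return ("no-generator", None)
    match = GENERATOR_RE.fullmatch(parser.generator.strip())
    if match is None:
        return ("rejected", None)
    found = match.group(1)
    status = "current" if version_tuple(found) >= version_tuple(latest) else "outdated"
    return (status, found)


# Constructed sample pages and a constructed "latest" value (not real data).
SAMPLES = {
    "old": '<head><meta name="generator" content="WordPress 5.9.3"></head>',
    "new": '<head><meta name="generator" content="WordPress 5.10"></head>',
    "hidden": "<head><title>no tag</title></head>",
    "tampered": '<head><meta name="generator" content="WordPress 5.7; id"></head>',
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, classify(page, "5.10"))
```

A result of `no-generator` only means the tag is absent; it does not show that the site is not WordPress or that it is up to date.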

