WPScan Wordpress Security - Vulnerability Scanning
WPScan finds vulnerabilities in the plugins installed on a WordPress site. To do so, it checks against the more than 2220 most popular plugins and lists the vulnerabilities found based on their versions. Among other things, it can also list the users, the WordPress version, the name of the active theme, and directories. The tool is written in Ruby.
Download WPScan:
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
bundle install
Using WPScan is very simple:
stuxnet@stuxnet:~/Pentesting/wpscan$ ruby wpscan.rb --url localhost.com
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.8
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.1r06ab77b
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
| URL: http://localhost.com/
| Started on Fri Oct 4 20:02:30 2013
[+] robots.txt available under 'http://localhost.com/robots.txt'
[!] The WordPress 'http://localhost.com/readme.html' file exists
[!] Full Path Disclosure (FPD) in 'http://localhost.com/wp-includes/rss-functions.php'
[+] Interesting header: SERVER:
[+] Interesting header: X-POWERED-BY: PHP/5.3.24
[+] XML-RPC Interface available under http://localhost.com/xmlrpc.php
[+] WordPress version 3.6 identified from advanced fingerprinting
[!] We have identified 5 vulnerabilities from the version number :
|
| * Title: PHP Object Injection
| * Reference: http://vagosec.org/2013/09/wordpress-php-object-injection/
| * Reference: http://www.openwall.com/lists/oss-security/2013/09/12/1
| * Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340
| * Reference: http://core.trac.wordpress.org/changeset/25325
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97211
|
| * Title: wp-includes/functions.php get_allowed_mime_types Function SWF / EXE File Upload XSS Weakness
| * Reference: http://core.trac.wordpress.org/changeset/25322
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739
| * Reference: http://osvdb.org/97210
|
| * Title: Crafted String URL Redirect Restriction Bypass
| * Reference: http://core.trac.wordpress.org/changeset/25323
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97212
|
| * Title: wp-admin/includes/post.php user_ID Parameter Manipulation Post Authorship Spoofing
| * Reference: http://core.trac.wordpress.org/changeset/25321
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
| * Reference: http://secunia.com/advisories/54803
| * Reference: http://osvdb.org/97213
|
| * Title: wp-includes/functions.php get_allowed_mime_types Function HTML File Upload XSS Weakness
| * Reference: http://core.trac.wordpress.org/changeset/25322
| * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738
| * Reference: http://osvdb.org/97214
[+] The WordPress theme in use is Semantics v1.1
| Name: Semantics v1.1
| Location: http://localhost.com/wp-content/themes/Semantics/
| Readme: http://localhost.com/wp-content/themes/Semantics/readme.txt
| Changelog: http://localhost.com/wp-content/themes/Semantics/changelog.txt
[+] Enumerating plugins from passive detection ...
No plugins found :(
[+] Finished at Fri Oct 4 20:02:40 2013
[+] Elapsed time: 00:00:10
Exiting!
User enumeration with WPScan.
stuxnet@stuxnet:~/Pentesting/wpscan$ ruby wpscan.rb --url localhost.com --enumerate u
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.8
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version v2.1r06ab77b
Sponsored by the RandomStorm Open Source Initiative
@_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_
_______________________________________________________________
| URL: http://localhost.com/
| Started on Fri Oct 4 20:06:17 2013
[+] Enumerating usernames ...
[+] We found the following 2 user/s :
+----+---------+---------+
| Id | Login | Name |
+----+---------+---------+
| 1 | stuxnet | stuxnet |
| 2 | klez | Klez |
+----+---------+---------+
[+] Finished at Fri Oct 4 20:06:29 2013
[+] Elapsed time: 00:00:12
Exiting!
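To triage the two reports above on the defender's side, the text output can be turned into structured data (version, warnings, vulnerabilities with their CVE ids, exposed logins). This is an added example, not part of WPScan or of the original post; the function name parse_wpscan_report is hypothetical and the parser assumes the v2.1 text layout shown on this page.

```ruby
# SAMPLE is constructed: a trimmed copy of lines from the two reports above.
SAMPLE = <<~'REPORT'
  [!] The WordPress 'http://localhost.com/readme.html' file exists
  [+] WordPress version 3.6 identified from advanced fingerprinting
  [!] We have identified 5 vulnerabilities from the version number :
  |
  | * Title: PHP Object Injection
  | * Reference: http://core.trac.wordpress.org/changeset/25325
  | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
  |
  | * Title: Crafted String URL Redirect Restriction Bypass
  | * Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
  [+] We found the following 2 user/s :
  +----+---------+---------+
  | Id | Login | Name |
  +----+---------+---------+
  | 1 | stuxnet | stuxnet |
  | 2 | klez | Klez |
  +----+---------+---------+
REPORT

def parse_wpscan_report(text)
  report = { version: nil, warnings: [], vulns: [], users: [] }
  text.each_line do |raw|
    case raw.strip
    when /\A\[!\]\s+(.+)\z/                    # "[!]" marks a warning line
      report[:warnings] << $1
    when /WordPress version (\S+) identified/
      report[:version] = $1
    when /\A\|\s+\*\s+Title:\s+(.+)\z/         # starts a new vulnerability entry
      report[:vulns] << { title: $1, refs: [], cves: [] }
    when /\A\|\s+\*\s+Reference:\s+(\S+)\z/    # belongs to the last title seen
      ref = $1
      vuln = report[:vulns].last or next       # skip a reference with no title
      vuln[:refs] << ref
      vuln[:cves] |= ref.scan(/CVE-\d{4}-\d+/)
    when /\A\|\s*(\d+)\s*\|\s*(\S+)\s*\|\s*(.*?)\s*\|\z/  # user table row
      report[:users] << { id: $1.to_i, login: $2, name: $3 }
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  r = parse_wpscan_report(SAMPLE)
  puts "WordPress #{r[:version]}: #{r[:vulns].size} known vulnerabilities"
  r[:vulns].each { |v| puts "  #{v[:cves].join(', ')}  #{v[:title]}" }
  puts "Exposed logins: #{r[:users].map { |u| u[:login] }.join(', ')}"
end
```

The CVE ids give the patch list for the WordPress core update, and every login in the users list is an account whose password strength and lockout policy should be reviewed.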