Installing it is just a matter of using gem, but wpscan does not seem to come preinstalled on ParrotOS 6.x, so here is a record of installing it.
┌─[✗]─[parrot@parrot]─[~]
└──╼ $sudo gem install wpscan
Fetching ruby-progressbar-1.13.0.gem
...
Done installing documentation for yajl-ruby, ffi, ethon, typhoeus, sys-proctable, ruby-progressbar, public_suffix, concurrent-ruby, opt_parse_validator, get_process_mem, cms_scanner, wpscan after 9 seconds
12 gems installed
Checking that it works: it appears to gather information about the target without any problems, so all good.
┌─[parrot@parrot]─[~]
└──╼ $wpscan --url https://example.com
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.25
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[i] Updating the Database ...
[i] Update completed.
[+] URL: https://example.com/ [xxx.xxx.xxx.xxx]
[+] Started: Sat Apr 6 23:49:53 2024
Interesting Finding(s):
[+] Headers
| Interesting Entry: server: nginx
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://example.com/cms/xmlrpc.php
| Found By: Link Tag (Passive Detection)
| Confidence: 100%
| Confirmed By: Direct Access (Aggressive Detection), 100% confidence
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: https://example.com/cms/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] This site has 'Must Use Plugins': https://example.com/cms/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins
[+] The external WP-Cron seems to be enabled: https://example.com/cms/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 6.2.4 identified (Outdated, released on 2024-01-30).
| Found By: Rss Generator (Passive Detection)
| - https://example.com/feed, <generator>https://wordpress.org/?v=6.2.4</generator>
| - https://example.com/comments/feed, <generator>https://wordpress.org/?v=6.2.4</generator>
| - https://example.com/home/feed, <generator>https://wordpress.org/?v=6.2.4</generator>
[+] WordPress theme in use: v_6.8.0
| Location: https://example.com/cms/wp-content/themes/v_6.8.0/
| Style URL: https://example.com/cms/wp-content/themes/v_6.8.0/style.css
| Style Name: v_6.8.0
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 6.8 (80% confidence)
| Found By: Style (Passive Detection)
| - https://example.com/cms/wp-content/themes/v_6.8.0/style.css, Match: 'Version: 6.8'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] adrotate
| Location: https://example.com/cms/wp-content/plugins/adrotate/
| Latest Version: 5.12.9 (up to date)
| Last Updated: 2024-02-21T00:09:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 5.12.9 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://example.com/cms/wp-content/plugins/adrotate/readme.txt
[+] wp-rocket
| Location: https://example.com/cms/wp-content/plugins/wp-rocket/
|
| Found By: Comment (Passive Detection)
|
| Version: 3.15.10 (60% confidence)
| Found By: Translation File (Aggressive Detection)
| - https://example.com/cms/wp-content/plugins/wp-rocket/languages/rocket.pot, Match: 'Project-Id-Version: WP Rocket 3.15.10'
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:05 <==================================================> (137 / 137) 100.00% Time: 00:00:05
[i] No Config Backups Found.
[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
[+] Finished: Sat Apr 6 23:50:09 2024
[+] Requests Done: 198
[+] Cached Requests: 6
[+] Data Sent: 64.521 KB
[+] Data Received: 22.121 MB
[+] Memory used: 277.262 MB
[+] Elapsed time: 00:00:15