首页 渗透工具 正文
  • 本文约1598字,阅读需8分钟
  • 3264
  • 0

WPSeku:用于WordPress漏洞扫描的安全工具

WPSeku介绍

WPSeku是一个黑盒WordPress漏洞扫描程序,可用于扫描WordPress的安全性,并查找漏洞,感觉和wpscan有点像,但介绍说WPSeku的想法来源于wpscan,那应该在某些方面有所突破吧。

WPSeku:用于Wordpress漏洞扫描的安全工具
WPSeku扫描工具界面

WPSeku安装

WPSeku使用

通用漏洞扫描

python3 wpseku.py --url https://www.xxxxxxx.com --verbose

暴力破解登录

python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose

这里你应该发现了,它支持字典挂载,你可以尽情发挥。

扫描插件,主题和wordpress代码漏洞

python3 wpseku.py --scan <dir/file> --verbose

输出信息如

----------------------------------------
 _ _ _ ___ ___ ___| |_ _ _ 
| | | | . |_ -| -_| '_| | |
|_____|  _|___|___|_,_|___|
      |_|             v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------

[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:38:51

[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
[ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
[ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
[ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
......
温馨提示:本文最后更新于2019年8月14日 22:44,若内容或图片失效,请在下方留言或联系博主。
评论
更换验证码