WPScan - A Black Box WordPress Vulnerability Scanner


WordPress is all over the web; it is the most popular and most widely used content management system (CMS) out there. Is your website or blog powered by WordPress? Did you know that malicious hackers attack WordPress sites constantly, every minute? If you did not, now you know.

The first step towards securing your website or blog is to perform a vulnerability assessment. This is simply an operation to identify common (publicly known) security holes in your site or its underlying architecture.

In this article, we will show you how to install and use WPScan, a free scanner created for security professionals and website maintainers to test the security of their websites.

How to Install WPScan on Linux Systems

The recommended way of installing and running WPScan is to use the Docker image; this will help you avoid installation problems (typically dependency issues).

You need the cURL program to download and run a shell script that will add the Docker repository to your system and install the required packages.

$ curl -fsSL https://get.docker.com | sudo sh

Once Docker is installed successfully, start the service, enable it to start automatically at system boot, and check that it is up and running as follows.

$ sudo systemctl start docker
$ sudo systemctl enable docker
$ sudo systemctl status docker

Next, pull the WPScan Docker image using the following command.

$ docker pull wpscanteam/wpscan

Once the WPScan Docker image has been downloaded, you can list the Docker images on your system using the following command.

$ docker images

In the output of that command, the WPScan repository image is wpscanteam/wpscan, which you will use in the next section.

How to Run a Quick WordPress Scan Using WPScan

The simplest way of performing a vulnerability scan with WPScan is to provide your WordPress website's URL as shown (replace www.example.com with your site's URL).

$ docker run wpscanteam/wpscan --url www.example.com

WPScan will try to find interesting HTTP headers such as SERVER (web server type and version) and X-POWERED-BY (PHP version); it will also look for any exposed APIs, RSS feed links and users.

Then it will go on to enumerate the WordPress version and check whether it is up to date or whether there are any vulnerabilities associated with the detected version number. In addition, it will try to detect the theme as well as the installed plugins to find out whether they are up to date.
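To see what the header check described above picks up on your own site, the following added example (not from the original article or from the WPScan project) parses a set of response headers and reports the ones that disclose software details. The function names audit_headers and sample_headers and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the original article or of WPScan.
# Reports response headers that disclose software details, the headers the
# article says WPScan looks at first. Run it against your own site with:
#   curl -sI https://www.example.com | audit_headers

# Reads raw HTTP response headers on stdin; prints one tab-separated
# finding per line: HEADER, value, note.
audit_headers() {
    tr -d '\r' | awk '
        BEGIN { OFS = "\t" }
        {
            i = index($0, ":")
            if (i == 0) next                      # status line or blank line
            name  = tolower(substr($0, 1, i - 1)) # header names are case-insensitive
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
        }
        name == "server" {
            note = (value ~ /[0-9]/) ? "version disclosed" : "product name only"
            print "SERVER", value, note
        }
        name == "x-powered-by" { print "X-POWERED-BY", value, "runtime disclosed" }
        # WordPress advertises its REST API root in a Link header.
        name == "link" && value ~ /api\.w\.org/ {
            print "LINK", value, "REST API advertised"
        }
    '
}

# Constructed sample response headers (not captured from a real site).
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Link: <https://www.example.com/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
EOF
}

sample_headers | audit_headers
```

An empty result means none of these three headers gave anything away; a SERVER line marked "product name only" means the version number is already hidden.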

You can perform a wordlist password brute force on the enumerated users using 30 threads with the following command. The --wordlist and --threads flags specify the wordlist and set the number of threads respectively.

$ docker run wpscanteam/wpscan --url www.example.com --wordlist wordlist_file.txt --threads 30

To carry out a wordlist password brute force on the admin username only, run the following command.

$ docker run wpscanteam/wpscan --url www.example.com --wordlist wordlist_file.txt --username admin

Alternatively, you can mount a local wordlist on your system into the Docker container and start a brute-force attack for the admin user.

$ docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url www.example.com --wordlist /wordlists/wordlist_file.txt --username admin

To enumerate installed plugins, run the following command.

$ docker run wpscanteam/wpscan --url www.example.com --enumerate p

If enumerating installed plugins is not enough, you can run all the enumeration tools as shown.

$ docker run wpscanteam/wpscan --url www.example.com --enumerate

To enable debug output, use the --debug-output flag, and redirect the output into a file for later analysis.

$ docker run wpscanteam/wpscan --url www.example.com --debug-output 2>debug.log

Last but not least, you can update the WPScan database to the latest version by running the following command.

$ docker run wpscanteam/wpscan --update

You can view the Docker and WPScan help messages with these commands.

$ docker -h
$ docker run wpscanteam/wpscan -h

WPScan GitHub repository: https://github.com/wpscanteam/wpscan

That's all for now! WPScan is a powerful black box WordPress vulnerability scanner that you should have in your arsenal of web security tools. In this guide, we showed how to install and use WPScan with some basic examples. Ask any questions or share your thoughts with us in the comments.