wpscan使用方法
来源:互联网 发布:普华永道税务 知乎 编辑:程序博客网 时间:2024/06/15 21:20
http://vipscu.blog.163.com/blog/static/18180837220122139348819/
WPScan 基本功能:
- Wordpress 版本检测和主题检测
- Wordpress 插件安全检测
- 密码的暴力破解
- 可以指定代理
源码获取地址:http://code.google.com/p/wpscan/source/checkout
常用命令:
--urlThe WordPress URL/domain to scan.--enumerateEnumeration.uusersvversionppluginsttimthumb--wordlistSupply a wordlist for the password bruter and do the brute.--threadsThe number of threads to use when multi-threading requests.--usernameOnly brute force the supplied username.--generate_plugin_listGenerate a new data/plugins.txt file. (supply number of pages to parse)-hThis help screen.-vVerbose output.
实例:
ruby ./wpscan.rb --url www.example.com
Do wordlist password brute force on enumerated users using 50 threads...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the 'admin' username only...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150
Enumerate instaled plugins...
ruby ./wpscan.rb --url www.example.com --enumerate p
root@bt:/pentest/web/wpscan# ruby wpscan.rb -h____________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1 WordPress Security Scanner by ethicalhack3r.co.uk Sponsored by the RandomStorm Open Source Initiative_____________________________________________________Help:--url The WordPress URL/domain to scan.--enumerate Enumeration.u usersv versionp pluginst timthumb--wordlist Supply a wordlist for the password bruter and do the brute.--threads The number of threads to use when multi-threading requests.--username Only brute force the supplied username.--generate_plugin_list Generate a new data/plugins.txt file. (supply number of *pages* to parse)--force Forces WPScan to not check if the remote site is running WordPress.-h This help screen.-v Verbose output.
http://wpscan.org/
https://github.com/wpscanteam/wpscan
- wpscan使用方法
- WPScan 1.1
- WPScan使用
- kali linux wpscan wordpress
- wordpress 入侵 wpscan
- ubuntu安装wpscan
- WPScan初体验
- WPScan初体验
- WPScan初体验
- WPScan初体验
- WPScan初体验
- WPScan初体验
- 各版本OS安装wpscan
- WordPress漏洞扫描工具WPScan
- wordpress漏洞扫描工具使用(wpscan实战)
- 自己动手之WPscan windows版 (wordpress scan)
- 攻击Wordpress应用程序(使用WPSCAN)
- Kali Linux WPScan更新到2.9.3
- DTD - XML验证文件
- java 泛型详解
- 80后开网店卖故事:1500多位为感觉而埋单
- C语言指针总结
- Servlet学习笔记
- wpscan使用方法
- Web Service 代理类组成
- java程序开发的三个步骤
- 16道嵌入式C语言面试题(经典)
- android中常用的弹出提示框
- 初创博客
- uva11889 Benefit
- 互联网创业并不容易 找准目标客户是关键
- English Idioms of Emotion