Python中文网 - 问答频道, 解决您学习工作中的Python难题和Bug
Python常见问题
我在kali linux(2019.2)中使用Wpscan版本3.5.3,例如:
wpscan --url "http://example.com/" -f cli-no-color --random-user-agent
然后一切正常,我得到如下输出:
^{pr2}$有一天,我想用python 3捕捉这些输出,从Google我知道有三种方法:
1-使用“-o”选项输出txt文件,如下所示:
wpscan --url "http://example.com/" -f cli-no-color --random-user-agent -o result.txt
2-2用途os.popen公司(cmd)python 3中的函数,如下所示:
...
cmd = 'wpscan --url "http://example.com/" -f cli-no-color --random-user-agent'
file = os.popen(cmd)
content = file.read()
file.close()
print(content)
...
三用子流程.Popen(cmd)python 3中的函数,如下所示:
cmd = 'wpscan --url "http://example.com/" -f cli-no-color --random-user-agent'
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, bufsize=0)
while p.poll() is None:
s = p.stdout.readline()
后来问题来了,我发现这些方法都不能输出“原始”,例如,它们都会这样输出:
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.5.3
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________
[+] URL: http://example.com/
[+] Started: Mon Jun 24 15:21:34 2019
Interesting Finding(s):
[+] http://example.com/
| Interesting Entries:
| - X-Powered-By: PHP/5.4.39
| - X-LiteSpeed-Cache: hit
| - Server: LiteSpeed
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] http://example.com/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] http://example.com/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] Upload directory has listing enabled: http://example.com/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] http://example.com/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 4.4.18 identified (Latest, released on 2019-03-13).
| Detected By: Rss Generator (Aggressive Detection)
| - http://example.com/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>
| - http://example.com/comments/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>
[i] The main theme could not be detected.
[i] No plugins Found.
[i] Theme(s) Identified:
[+] twentyfifteen
| Location: http://example.com/wp-content/themes/twentyfifteen/
| Latest Version: 2.5
| Last Updated: 2019-05-07T00:00:00.000Z
| Readme: http://example.com/wp-content/themes/twentyfifteen/readme.txt
| Style URL: http://example.com/wp-content/themes/twentyfifteen/style.css
| Style Name: Twenty Fifteen
| Style URI: https://wordpress.org/themes/twentyfifteen/
| Description: Our 2015 default theme is clean, blog-focused, and designed for clarity. Twenty Fifteen's simple, st...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Detected By: Known Locations (Aggressive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
| Fixed in: 1.2
| References:
| - https://wpvulndb.com/vulnerabilities/7965
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3429
| - https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html
| - http://packetstormsecurity.com/files/131802/
| - http://seclists.org/fulldisclosure/2015/May/41
|
| The version could not be determined.
[i] No Timthumbs Found.
[i] No Config Backups Found.
[i] No DB Exports Found.
[i] User(s) Identified:
[+] admin
| Detected By: Rss Generator (Aggressive Detection)
| Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
[+] Finished: Tue Jun 25 00:41:37 2019
[+] Requests Done: 2970
[+] Cached Requests: 5
[+] Data Sent: 898.095 KB
[+] Data Received: 1.64 MB
[+] Memory used: 191.84 MB
[+] Elapsed time: 09:20:03
问题是Jetpack和wordpress搜索引擎优化漏洞是缺失的,我不知道他们去了哪里,我是否遗漏了什么?任何人都可以帮我,谢谢!在
Tags: httpsorgcmdcomhttpbyexamplewordpress
热门问题
- 为什么我的神经网络模型的准确性不能在这个训练集上得到提高?
- 为什么我的神经网络模型的权重变化不大?
- 为什么我的神经网络的成本不断增加?
- 为什么我的神经网络的输入pickle文件是19GB?
- 为什么我的神经网络给属性错误?“非类型”对象没有属性“形状”
- 为什么我的神经网络训练这么慢?
- 为什么我的神经网络输出错误?
- 为什么我的神经网络预测适用于MNIST手绘图像时是正确的,而适用于我自己的手绘图像时是不正确的?
- 为什么我的神经网络验证精度比我的训练精度高,而且它们都是常数?
- 为什么我的私人用户间聊天会显示在其他用户的聊天档案中?
- 为什么我的积分的绝对误差估计值大于积分(使用scipy.integrate.nqad)?
- 为什么我的积层回归器得分比它的组件差?
- 为什么我的移动方法不起作用?
- 为什么我的稀疏张量不能转换成张量
- 为什么我的稀疏张量不能转换成张量?
- 为什么我的程序“停止”了?
- 为什么我的程序一直试图占用所有可用的CPU
- 为什么我的程序不使用指定的代理
- 为什么我的程序不工作(python帮助中的反向函数)?
- 为什么我的程序不工作时,我使用多处理模块
热门文章
- Python覆盖写入文件
- 怎样创建一个 Python 列表?
- Python3 List append()方法使用
- 派森语言
- Python List pop()方法
- Python Django Web典型模块开发实战
- Python input() 函数
- Python3 列表(list) clear()方法
- Python游戏编程入门
- 如何创建一个空的set?
- python如何定义(创建)一个字符串
- Python标准库 [The Python Standard Library by Ex
- Python网络数据爬取及分析从入门到精通(分析篇)
- Python3 for 循环语句
- Python List insert() 方法
- Python 字典(Dictionary) update()方法
- Python编程无师自通 专业程序员的养成
- Python3 List count()方法
- Python 网络爬虫实战 [Web Crawler With Python]
- Python Cookbook(第2版)中文版
目前没有回答
相关问题 更多 >
编程相关推荐