I am using WPScan version 3.5.3 on Kali Linux (2019.2), for example:
wpscan --url "http://example.com/" -f cli-no-color --random-user-agent
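Then everything works fine, and I get output like the following:
One day I wanted to capture this output with Python 3. From Google I learned there are three ways:
1- Use the "-o" option to write the output to a txt file, like this: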
wpscan --url "http://example.com/" -f cli-no-color --random-user-agent -o result.txt
2- Use the os.popen(cmd) function in Python 3, like this:
...
import os  # needed for os.popen
cmd = 'wpscan --url "http://example.com/" -f cli-no-color --random-user-agent'
file = os.popen(cmd)
content = file.read()
file.close()
print(content)
...
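3- Use the subprocess.Popen(cmd) function in Python 3, like this:
import subprocess  # needed for subprocess.Popen
cmd = 'wpscan --url "http://example.com/" -f cli-no-color --random-user-agent'
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, bufsize=0)
# read stdout one line at a time while the process is still running
while p.poll() is None:
    s = p.stdout.readline()
Then the problem appeared: I found that none of these methods gives the "original" output. For example, they all output this: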
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.5.3
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________
[+] URL: http://example.com/
[+] Started: Mon Jun 24 15:21:34 2019
Interesting Finding(s):
[+] http://example.com/
| Interesting Entries:
| - X-Powered-By: PHP/5.4.39
| - X-LiteSpeed-Cache: hit
| - Server: LiteSpeed
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] http://example.com/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] http://example.com/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] Upload directory has listing enabled: http://example.com/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] http://example.com/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 4.4.18 identified (Latest, released on 2019-03-13).
| Detected By: Rss Generator (Aggressive Detection)
| - http://example.com/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>
| - http://example.com/comments/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>
[i] The main theme could not be detected.
[i] No plugins Found.
[i] Theme(s) Identified:
[+] twentyfifteen
| Location: http://example.com/wp-content/themes/twentyfifteen/
| Latest Version: 2.5
| Last Updated: 2019-05-07T00:00:00.000Z
| Readme: http://example.com/wp-content/themes/twentyfifteen/readme.txt
| Style URL: http://example.com/wp-content/themes/twentyfifteen/style.css
| Style Name: Twenty Fifteen
| Style URI: https://wordpress.org/themes/twentyfifteen/
| Description: Our 2015 default theme is clean, blog-focused, and designed for clarity. Twenty Fifteen's simple, st...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Detected By: Known Locations (Aggressive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
| Fixed in: 1.2
| References:
| - https://wpvulndb.com/vulnerabilities/7965
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3429
| - https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html
| - http://packetstormsecurity.com/files/131802/
| - http://seclists.org/fulldisclosure/2015/May/41
|
| The version could not be determined.
[i] No Timthumbs Found.
[i] No Config Backups Found.
[i] No DB Exports Found.
[i] User(s) Identified:
[+] admin
| Detected By: Rss Generator (Aggressive Detection)
| Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
[+] Finished: Tue Jun 25 00:41:37 2019
[+] Requests Done: 2970
[+] Cached Requests: 5
[+] Data Sent: 898.095 KB
[+] Data Received: 1.64 MB
[+] Memory used: 191.84 MB
[+] Elapsed time: 09:20:03
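The problem is that the Jetpack and WordPress SEO vulnerabilities are missing, and I don't know where they went. Am I missing something? Can anyone help me? Thanks!
No answers yet.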
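The capture step from the question, as an added example that is not part of the original post: it runs the command without a shell, merges stderr into stdout, and reads until end of file so that nothing written by the child is left unread. The names `run_and_capture`, `alerts`, `FAKE_SCANNER` and `DEMO_ARGV` are hypothetical, and `FAKE_SCANNER` is a constructed stand-in child process so the block runs without WPScan installed.

```python
import subprocess
import sys

# Constructed stand-in for the scanner so the example runs offline. With WPScan
# installed, the post's command as a list would be used instead:
# ["wpscan", "--url", "http://example.com/", "-f", "cli-no-color", "--random-user-agent"]
FAKE_SCANNER = r'''
import sys
out = sys.stdout.buffer
out.write("[+] URL: http://example.com/ \u00ae\n".encode("utf-8")); out.flush()
sys.stderr.write("[!] warning written to stderr\n"); sys.stderr.flush()
out.write(b"[+] plugin-a\n | [!] 1 vulnerability identified:\n")
out.write(b"[+] Finished\n"); out.flush()
sys.exit(4)
'''
DEMO_ARGV = [sys.executable, "-c", FAKE_SCANNER]


def run_and_capture(argv):
    """Run argv without a shell; return (exit_code, lines) with stderr merged in."""
    lines = []
    with subprocess.Popen(
        argv,                      # list form: no shell quoting or injection issues
        stdin=subprocess.DEVNULL,  # child can never block waiting for input
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,  # one pipe, so an unread stderr cannot fill up
        text=True, encoding="utf-8", errors="replace", bufsize=1,
    ) as proc:
        # Read until EOF rather than until poll() changes, so output written
        # just before the process exits is still collected.
        for line in proc.stdout:
            lines.append(line.rstrip("\n"))
        code = proc.wait()
    return code, lines


def alerts(lines):
    """Return the lines carrying the "[!]" marker, for comparison with the terminal."""
    return [line.strip() for line in lines if "[!]" in line]


if __name__ == "__main__":
    exit_code, captured = run_and_capture(DEMO_ARGV)
    print("exit code:", exit_code)
    for entry in alerts(captured):
        print(entry)
```

Comparing the `alerts()` list from a captured run with the same markers in a terminal run shows whether any finding lines were actually lost in capture.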