WPScan is a tool that scans the WordPress blogging platform for vulnerabilities; it is sponsored by Sucuri.

_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
On CentOS, installation only takes:

yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler && bundle install --without test
Scanning:
[root@lo wpscan]# ruby wpscan.rb --url ssorc.tw
Results:

It says one file exposes the WordPress version number, but that is not a big deal for me, since I update on schedule anyway.
[+] URL: http://ssorc.tw/
[+] Started: Thu Dec 10 14:04:58 2015

[+] robots.txt available under: 'http://ssorc.tw/robots.txt'
[+] Interesting entry from robots.txt: http://ssorc.tw/wp-content/plugins/
[+] Interesting entry from robots.txt: http://ssorc.tw/wp-content/themes/
[+] Interesting entry from robots.txt: http://ssorc.tw/feed/
[+] Interesting entry from robots.txt: */feed/
[!] The WordPress 'http://ssorc.tw/readme.html' file exists exposing a version number
[+] Interesting header: FRAME-OPTIONS: SAMEORIGIN
[+] Interesting header: SERVER: Apache
[+] Interesting header: SET-COOKIE: HttpOnly;Secure
[+] Interesting header: STRICT-TRANSPORT-SECURITY: max-age=16070400; includeSubDomains
[+] Interesting header: X-FRAME-OPTIONS: SAMEORIGIN
[+] Interesting header: X-XSS-PROTECTION: 1;mode=block

[+] WordPress version 4.3.1 identified from meta generator

[+] WordPress theme in use: catch-box-child - vLicense

[+] Name: catch-box-child - vLicense
 |  Location: http://ssorc.tw/wp-content/themes/catch-box-child/
 |  Style URL: http://ssorc.tw/wp-content/themes/catch-box-child/style.css
 |  Theme Name: Catch Box Child
 |  Theme URI: Author: fixed by ssorc
 |  Description: Version:
 |  Author: fixed by ssorc
 |  Author URI: Description:

[+] Detected parent theme: catch-box - v3.9

[+] Name: catch-box - v3.9
 |  Location: http://ssorc.tw/wp-content/themes/catch-box/
 |  Readme: http://ssorc.tw/wp-content/themes/catch-box/readme.txt
 |  Changelog: http://ssorc.tw/wp-content/themes/catch-box/changelog.txt
[!] The version is out of date, the latest version is 4.1
 |  Style URL: http://ssorc.tw/wp-content/themes/catch-box/style.css
 |  Theme Name: Catch Box
 |  Theme URI: http://catchthemes.com/themes/catchbox
 |  Description: Catch Box is simple, lightweight, box shaped, and adaptable WordPress Theme for bloggers and prof...
 |  Author: Catch Themes
 |  Author URI: http://catchthemes.com

[+] Enumerating plugins from passive detection ...
 | 7 plugins found:

[+] Name: easy-video-player - v1.1.1
 |  Latest version: 1.1.1 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/easy-video-player/
 |  Readme: http://ssorc.tw/wp-content/plugins/easy-video-player/readme.txt

[+] Name: electric-studio-download-counter - v2.4
 |  Latest version: 2.4 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/electric-studio-download-counter/
 |  Readme: http://ssorc.tw/wp-content/plugins/electric-studio-download-counter/readme.txt

[+] Name: images-lazyload-and-slideshow - v3.3
 |  Latest version: 3.3 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/images-lazyload-and-slideshow/
 |  Readme: http://ssorc.tw/wp-content/plugins/images-lazyload-and-slideshow/readme.txt

[+] Name: jcwp-left-right-key-navigation - v1.4
 |  Latest version: 1.4 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/jcwp-left-right-key-navigation/
 |  Readme: http://ssorc.tw/wp-content/plugins/jcwp-left-right-key-navigation/readme.txt

[+] Name: wordpress-23-related-posts-plugin - v3.6
 |  Latest version: 3.6 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/wordpress-23-related-posts-plugin/
 |  Readme: http://ssorc.tw/wp-content/plugins/wordpress-23-related-posts-plugin/readme.txt

[+] Name: wp-ajax-edit-comments - v5.0.36.0
 |  Latest version: 5.0.36.0 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/wp-ajax-edit-comments/
 |  Readme: http://ssorc.tw/wp-content/plugins/wp-ajax-edit-comments/readme.txt

[+] Name: wp-pagenavi - v2.89.1
 |  Latest version: 2.89.1 (up to date)
 |  Location: http://ssorc.tw/wp-content/plugins/wp-pagenavi/
 |  Readme: http://ssorc.tw/wp-content/plugins/wp-pagenavi/readme.txt

[+] Finished: Thu Dec 10 14:05:14 2015
[+] Requests Done: 74
[+] Memory used: 115.672 MB
[+] Elapsed time: 00:00:16
This is what it GETs, as seen in my access_log.

It probes the likely backup names of wp-config, among other things. So avoid renaming wp-config.php to something like wp-config.php.old: a file that no longer ends in .php is not run by PHP but served as-is, so its entire contents (database credentials included) would be readable in plain text.
1.1.1.1 - - [10/Dec/2015:14:04:56 +0800] "GET / HTTP/1.1" 200 36781 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:57 +0800] "GET / HTTP/1.1" 200 36781 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-content/plugins HTTP/1.1" 301 704 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /robots.txt HTTP/1.1" 200 666 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /readme.html HTTP/1.1" 200 7796 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-includes/rss-functions.php HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-content/debug.log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.old HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.swp HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.old HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php~ HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php_bak HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.original HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.original HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /%23wp-config.php%23 HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.swo HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.bak HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.save HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.orig HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /.wp-config.php.swp HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.bak HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.orig HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.save HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:01 +0800] "GET /searchreplacedb2.php HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:02 +0800] "HEAD / HTTP/1.1" 200 442 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:02 +0800] "GET /wp-signup.php HTTP/1.1" 302 577 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:03 +0800] "GET /wp-content/mu-plugins/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:03 +0800] "GET /wp-login.php?action=register HTTP/1.1" 401 797 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:03 +0800] "GET /xmlrpc.php HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:03 +0800] "GET / HTTP/1.1" 200 36781 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:04 +0800] "GET /wp-content/uploads/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:04 +0800] "GET /wp-content/themes/catch-box-child/style.css HTTP/1.1" 200 72908 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:04 +0800] "GET /wp-content/themes/catch-box-child/readme.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:04 +0800] "GET /wp-content/themes/catch-box-child/README.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:05 +0800] "GET /wp-content/themes/catch-box-child/Readme.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:05 +0800] "GET /wp-content/themes/catch-box-child/ReadMe.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:05 +0800] "GET /wp-content/themes/catch-box-child/README.TXT HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:05 +0800] "GET /wp-content/themes/catch-box-child/readme.TXT HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:06 +0800] "GET /wp-content/themes/catch-box-child/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:06 +0800] "GET /wp-content/themes/catch-box-child/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:06 +0800] "GET /wp-content/themes/catch-box-child/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:06 +0800] "GET /wp-content/themes/catch-box/style.css HTTP/1.1" 200 74873 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:07 +0800] "GET /wp-content/themes/catch-box/readme.txt HTTP/1.1" 200 6581 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:07 +0800] "GET /wp-content/themes/catch-box/changelog.txt HTTP/1.1" 200 14913 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:07 +0800] "GET /wp-content/themes/catch-box/ HTTP/1.1" 500 425 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:07 +0800] "GET /wp-content/themes/catch-box/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:07 +0800] "GET /wp-content/plugins/easy-video-player/readme.txt HTTP/1.1" 200 6349 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:07 +0800] "GET /wp-content/plugins/easy-video-player/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:08 +0800] "GET /wp-content/plugins/easy-video-player/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:08 +0800] "GET /wp-content/plugins/easy-video-player/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:08 +0800] "GET /wp-content/plugins/electric-studio-download-counter/readme.txt HTTP/1.1" 200 4176 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:08 +0800] "GET /wp-content/plugins/electric-studio-download-counter/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:09 +0800] "GET /wp-content/plugins/electric-studio-download-counter/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:09 +0800] "GET /wp-content/plugins/electric-studio-download-counter/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:09 +0800] "GET /wp-content/plugins/images-lazyload-and-slideshow/readme.txt HTTP/1.1" 200 6337 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:09 +0800] "GET /wp-content/plugins/images-lazyload-and-slideshow/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:10 +0800] "GET /wp-content/plugins/images-lazyload-and-slideshow/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:10 +0800] "GET /wp-content/plugins/images-lazyload-and-slideshow/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:10 +0800] "GET /wp-content/plugins/jcwp-left-right-key-navigation/readme.txt HTTP/1.1" 200 2676 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:10 +0800] "GET /wp-content/plugins/jcwp-left-right-key-navigation/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:11 +0800] "GET /wp-content/plugins/jcwp-left-right-key-navigation/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:11 +0800] "GET /wp-content/plugins/jcwp-left-right-key-navigation/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:11 +0800] "GET /wp-content/plugins/wordpress-23-related-posts-plugin/readme.txt HTTP/1.1" 200 8999 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:11 +0800] "GET /wp-content/plugins/wordpress-23-related-posts-plugin/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:12 +0800] "GET /wp-content/plugins/wordpress-23-related-posts-plugin/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:12 +0800] "GET /wp-content/plugins/wordpress-23-related-posts-plugin/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:12 +0800] "GET /wp-content/plugins/wp-ajax-edit-comments/readme.txt HTTP/1.1" 200 15670 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:12 +0800] "GET /wp-content/plugins/wp-ajax-edit-comments/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:13 +0800] "GET /wp-content/plugins/wp-ajax-edit-comments/ HTTP/1.1" 200 406 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:13 +0800] "GET /wp-content/plugins/wp-ajax-edit-comments/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:13 +0800] "GET /wp-content/plugins/wp-pagenavi/readme.txt HTTP/1.1" 200 10240 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:13 +0800] "GET /wp-content/plugins/wp-pagenavi/changelog.txt HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:14 +0800] "GET /wp-content/plugins/wp-pagenavi/ HTTP/1.1" 302 630 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:05:14 +0800] "GET /wp-content/plugins/wp-pagenavi/error_log HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
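The access_log above shows the two things a site owner can act on: the scanner announces itself in the User-Agent, and the wp-config backup probes all got 302 here, so nothing leaked. The following script is an added example (not part of the original post or of WPScan) that parses Combined Log Format lines, flags clients sending a WPScan User-Agent, counts wp-config backup-name probes per client, and lists any probe that was answered with 200, meaning the config is actually being served. The sample log lines are constructed for the example; the 2.2.2.2 entries are invented to show what a real leak would look like.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache Combined Log Format, the format shown in the post's access_log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: three lines in the style of the post's log, plus invented
# 2.2.2.2 / 3.3.3.3 entries (a leaked backup file and ordinary traffic).
SAMPLE_LOG = """\
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /readme.html HTTP/1.1" 200 7796 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /wp-config.php.old HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
1.1.1.1 - - [10/Dec/2015:14:04:58 +0800] "GET /%23wp-config.php%23 HTTP/1.1" 302 548 "http://ssorc.tw/" "WPScan v2.9 (http://wpscan.org)"
2.2.2.2 - - [10/Dec/2015:15:10:01 +0800] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
2.2.2.2 - - [10/Dec/2015:15:10:02 +0800] "GET /wp-config.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
3.3.3.3 - - [10/Dec/2015:15:12:00 +0800] "GET /feed/ HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not Combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_config_backup(path):
    """True for any wp-config variant other than wp-config.php itself.

    wp-config.php is executed by PHP and never served as text; every other name
    (.old, .bak, ~, #...#, .swp, .txt ...) is a static file the web server would
    hand out verbatim, which is exactly what the scanner is looking for.
    """
    name = unquote(path.split("?", 1)[0]).rsplit("/", 1)[-1]
    return "wp-config" in name and name != "wp-config.php"


def analyze(log_text):
    """Per client IP: request count, WPScan UA seen, config probes, and probes answered 200."""
    report = defaultdict(lambda: {"requests": 0, "wpscan_ua": False,
                                  "config_probes": 0, "exposed": []})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # skip malformed or non-Combined lines
        r = report[rec["ip"]]
        r["requests"] += 1
        if rec["ua"].startswith("WPScan"):
            r["wpscan_ua"] = True
        if is_config_backup(rec["path"]):
            r["config_probes"] += 1
            if rec["status"] == "200":  # a 200 here is a real exposure
                r["exposed"].append(rec["path"])
    return dict(report)
```

A 302 or 404 on these probes only proves the guessed names are absent; pair the check with a filesystem scan of the document root for stray wp-config copies, since the scanner's wordlist is not exhaustive.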