WPvSCAN – 扫描WordPress CMS 和插件版本

2021-07-08 11:40:34 浏览数 (1)

WPvSCAN 扫描目标网站上的 CMS WordPress 版本,并将其与最新版本进行比较。之后,它还提供了使用Offensive Security 的SearchSploit工具列出所有已知漏洞的选项。

用法

python3 wpvscan.py -t target.com

依赖

pip install -r requirements.txt

整个脚本使用 Python 3.7 编写,推荐使用该版本以获得最佳效果;在更旧的版本中可能无法正常工作。Python 可从官方网站免费下载,适用于所有平台。

脚本可通过 SearchSploit 为检测到的 WordPress 版本列出已知的漏洞利用条目。SearchSploit 可以从官方 GitHub 存储库安装。

#!/usr/bin/env python3
# Name: WPvSCAN
# https://github.com/cyb3rd3s/WPvSCAN
# Author: Roman Kulich @ 2020
# Version: v1.0.6
import argparse
import os
import re
import subprocess
import sys
import urllib.request

import bs4 as bs
import requests

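# ANSI colour escape sequences used to highlight console output.
# Each one must start with the ESC character (\033); without it the terminal
# prints the literal text "33[32m" instead of switching colour.
TGREEN = '\033[32m'  # Green text
TWHITE = '\033[37m'  # White text
TRED = '\033[31m'  # Red text
TYELL = '\033[33m'  # Yellow text

# Start-up banner with the tool version.
# NOTE(review): the ASCII art looks damaged (backslashes appear to be missing);
# compare with the upstream repository before relying on it.
print('''
 __          _______         _____  _____          _   _ 
          / /  __        / ____|/ ____|   /   |  | |
     /  / /| |__) |_   _| (___ | |       /    |  | |
    /  / / |  ___/  / /___ | |      / /  | . ` |
      /  /  | |      V / ____) | |____ / ____ | |  |
     /  /   |_|      _/ |_____/ _____/_/    __| _|                                                                                                                
v1.0.6
''')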

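# Ask the WordPress.org version-check API for the current core release.
# The timeout keeps the scan from hanging forever when the API is unreachable,
# and raise_for_status() stops on an HTTP error instead of parsing an error page.
response = requests.get(
    'https://api.wordpress.org/core/version-check/1.7/',
    timeout=10,
)
response.raise_for_status()
# NOTE: this variable shares its name with the stdlib "json" module; the name
# is kept because the version lookup further down reads json['offers'][0]['version'].
json = response.json()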

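# Command-line interface: a single option, -t, carrying the target host or URL.
parser = argparse.ArgumentParser()
parser.add_argument("-t", help="target url", dest='domain')
args = parser.parse_args()

website = args.domain
if not website:
    # No target (or an empty one) was given: show the expected invocation and stop.
    print(TRED + 'Missing target! ==>', TWHITE + TGREEN + 'Usage: python3 wpvscan.py -t target.com', TWHITE)
    print()
    sys.exit()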

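# Reduce the target to a bare host so the scheme can be chosen explicitly below.
# str.strip() removes a *set of characters* from both ends, not a prefix, so
# strip('https://') also eats leading/trailing h, t, p, s, ':' and '/' characters
# of the host itself (e.g. "shop.example" becomes "op.example"). Cut the exact
# prefix instead.
if website:
    for scheme in ('https://', 'http://'):
        if website.lower().startswith(scheme):
            website = website[len(scheme):]
            break
    # A trailing slash would produce '//wp-admin' when the path is appended.
    website = website.rstrip('/')

url = 'http://' + website  # Use http by default; a site that enforces https redirects the request
admin_url = url + '/wp-admin'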

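def _fetch(target):
    """Return the response for a GET of *target*, or None if the request fails."""
    try:
        return requests.get(target, timeout=10)
    except requests.RequestException:
        return None


# Temporary solution how to determine, if website is running on WordPress :)
# /wp-admin is probed over https first and over plain http as a fallback; the
# first base URL that answers with HTTP 200 is used for the rest of the scan.
base_url = None
for candidate in ('https://' + website, 'http://' + website):
    WPcheck = _fetch(candidate + '/wp-admin')
    if WPcheck is not None and WPcheck.status_code == 200:
        base_url = candidate
        break

if base_url is None:
    print(TRED, "Website is not running on WordPress!", TWHITE)
    print("")
    sys.exit()

# Read the generator meta tag of the front page. Everything in this response is
# supplied by the scanned site, so it is handled as untrusted text: the tag may
# be missing, and its content may be anything at all.
front_page = _fetch(base_url)
soup = bs.BeautifulSoup(front_page.content if front_page is not None else b'', 'lxml')
WP_check = soup.find(attrs={'name': 'generator'})
WP_pars = (WP_check.get('content') or '') if WP_check is not None else ''

# Accept only the "WordPress <version>" form. Splitting on whitespace keeps the
# whole version (a fixed-width slice would cut "4.9.18" down to "4.9.1"), and
# the pattern restricts the version to characters that are safe to print and
# to hand to other tools later in the script.
fields = WP_pars.split()
if (
    len(fields) < 2
    or fields[0].lower() != 'wordpress'
    or not re.fullmatch(r'[0-9][0-9A-Za-z.-]*', fields[1])
):
    print(TRED, "WordPress version could not be read from the generator tag!", TWHITE)
    print("")
    sys.exit()

WP_name = fields[0]
WP_version = fields[1]
WP_now = str(json['offers'][0]['version'])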

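# Report the detected release next to the latest one: a green "[+]" marker when
# the two version strings are equal, a red "[!]" marker when they differ.
print(" ")
if WP_version == WP_now:
    marker, colour = "[+]", TGREEN
else:
    marker, colour = "[!]", TRED
print(colour + marker, TWHITE + "Target website " + website + " is running on CMS " + WP_name + " of version " + colour + WP_version, TWHITE)
print(TGREEN + "[+]", TWHITE + "Latest version is " + TGREEN + WP_now, TWHITE)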

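# Optional lookup of the detected version in the local SearchSploit database.
searchsploit = input("Do you want to use searchsploit to check exploits for this version? (y/n) ")
if searchsploit.strip().lower() == "y":
    print(" ")
    # The version string originates from the scanned site's HTML. Building a
    # shell command from it (os.system) would let that site run commands on the
    # machine doing the scan, so the value is validated and then passed as one
    # argv element with no shell involved. Requiring a leading digit also keeps
    # it from being read as a command-line option.
    if not re.fullmatch(r'[0-9][0-9A-Za-z.-]*', WP_version):
        print(TRED + "[!]", TWHITE + "Detected version is not a plain version string, skipping searchsploit", TWHITE)
    else:
        try:
            subprocess.run(["searchsploit", "WordPress", WP_version], check=False)
        except FileNotFoundError:
            print(TRED + "[!]", TWHITE + "searchsploit is not installed or not on PATH", TWHITE)
else:
    print(TGREEN + "Finished", TWHITE)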
