如何将原始wpscan的输出捕获到txt文件中?

时间:2019-06-25 11:22:02

标签: python wordpress kali-linux

我正在kali linux(2019.2)中使用Wpscan版本3.5.3,例如:

wpscan --url "http://example.com/" -f cli-no-color --random-user-agent

然后一切正常,我得到这样的输出:

...
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 3.5.3
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: http://example.com/
[+] Started: Tue Jun 25 06:36:32 2019

Interesting Finding(s):

[+] http://example.com/
 | Interesting Entries:
 |  - X-Powered-By: PHP/5.4.39
 |  - X-LiteSpeed-Cache: hit
 |  - Server: LiteSpeed
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] http://example.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] http://example.com/xmlrpc.php
 | Found By: Link Tag (Passive Detection)
 | Confidence: 30%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] Upload directory has listing enabled: http://example.com/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] http://example.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.4.18 identified (Latest, released on 2019-03-13).
 | Detected By: Rss Generator (Passive Detection)
 |  - http://example.com/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>
 | Confirmed By: Atom Generator (Passive Detection)
 |  - http://example.com/feed/atom/, <generator uri="https://wordpress.org/" version="4.4.18">WordPress</generator>

[+] WordPress theme in use: HaberMatikV3
 | Location: http://example.com/wp-content/themes/HaberMatikV3/
 | Style URL: http://example.com/wp-content/themes/HaberMatikV3/style.css
 | Style Name: HaberMatik
 | Style URI: http://www.habermatik.net
 | Description: WordPress Haber Teması...
 | Author: AKIN MEDYA
 | Author URI: http://www.akinmedya.com.tr
 |
 | Detected By: Css Style (Passive Detection)
 | Confirmed By: Urls In Homepage (Passive Detection)
 |
 | Version: 3.1 (80% confidence)
 | Detected By: Style (Passive Detection)
 |  - http://example.com/wp-content/themes/HaberMatikV3/style.css, Match: 'Version: 3.1'

[+] Enumerating Vulnerable Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] jetpack
 | Location: http://example.com/wp-content/plugins/jetpack/
 | Last Updated: 2019-06-17T13:00:00.000Z
 | [!] The version is out of date, the latest version is 7.4.1
 |
 | Detected By: Urls In Homepage (Passive Detection)
 |
 | [!] 3 vulnerabilities identified:
 |
 | [!] Title: Jetpack 2.0-4.0.2 - Shortcode Stored Cross-Site Scripting (XSS)
 |     Fixed in: 4.0.3
 |     References:
 |      - https://wpvulndb.com/vulnerabilities/8500
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10706
 |      - https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/
 |      - http://wptavern.com/jetpack-4-0-3-patches-a-critical-xss-vulnerability
 |      - https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
 |
 | [!] Title: Jetpack <= 4.0.3 - Multiple Vulnerabilities
 |     Fixed in: 4.0.4
 |     References:
 |      - https://wpvulndb.com/vulnerabilities/8517
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10705
 |      - https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/
 |
 | [!] Title: Jetpack <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS)
 |     Fixed in: 6.5
 |     References:
 |      - https://wpvulndb.com/vulnerabilities/9168
 |      - https://www.ripstech.com/php-security-calendar-2018/#day-11
 |
 | Version: 3.9.7 (100% confidence)
 | Detected By: Query Parameter (Passive Detection)
 |  - http://example.com/wp-content/plugins/jetpack/css/jetpack.css?ver=3.9.7
 | Confirmed By:
 |  Readme - Stable Tag (Aggressive Detection)
 |   - http://example.com/wp-content/plugins/jetpack/readme.txt
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - http://example.com/wp-content/plugins/jetpack/readme.txt

[+] wordpress-seo
 | Location: http://example.com/wp-content/plugins/wordpress-seo/
 | Last Updated: 2019-06-12T08:52:00.000Z
 | [!] The version is out of date, the latest version is 11.4
 |
 | Detected By: Comment (Passive Detection)
 |
 | [!] 2 vulnerabilities identified:
 |
 | [!] Title: Yoast SEO <= 5.7.1 - Authenticated Cross-Site Scripting (XSS)
 |     Fixed in: 5.8
 |     References:
 |      - https://wpvulndb.com/vulnerabilities/8960
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16842
 |      - https://plugins.trac.wordpress.org/changeset/1766831/wordpress-seo/trunk/admin/google_search_console/class-gsc-table.php
 |      - https://packetstormsecurity.com/files/145080/WordPress-Yoast-SEO-Cross-Site-Scripting.html
 |
 | [!] Title: Yoast SEO <= 9.1 - Authenticated Race Condition
 |     Fixed in: 9.2
 |     References:
 |      - https://wpvulndb.com/vulnerabilities/9150
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19370
 |      - https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo
 |      - https://www.youtube.com/watch?v=nL141dcDGCY
 |      - http://packetstormsecurity.com/files/150497/
 |      - https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa
 |
 | Version: 3.5 (100% confidence)
 | Detected By: Comment (Passive Detection)
 |  - http://example.com/, Match: 'optimized with the Yoast SEO plugin v3.5 -'
 | Confirmed By:
 |  Readme - Stable Tag (Aggressive Detection)
 |   - http://example.com/wp-content/plugins/wordpress-seo/readme.txt
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - http://example.com/wp-content/plugins/wordpress-seo/readme.txt

[+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods)
 Checking Known Locations - Time: 00:47:33 <> (292 / 292) 100.00% Time: 00:47:33
[+] Checking Theme Versions (via Passive and Aggressive Methods)

[i] No themes Found.
...
...

有一天,我想用python 3捕获这些输出,从Google那里我知道有三种方法:

1-使用“ -o”选项输出txt文件,如下所示:

wpscan --url "http://example.com/" -f cli-no-color --random-user-agent -o result.txt

在python 3中2次使用os.popen(cmd)函数,如下所示:

    ...
    cmd = 'wpscan --url "http://example.com/" -f cli-no-color --random-user-agent'
    file = os.popen(cmd)
    content = file.read()
    file.close()
    print(content)
    ...

在python 3中使用3-use subprocess.Popen(cmd)函数,如下所示:

    cmd = 'wpscan --url "http://example.com/" -f cli-no-color --random-user-agent'
    p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, bufsize=0)
    while p.poll() is None:
        s = p.stdout.readline()

然后问题来了,我发现这些方法都不能输出“原始”,例如,所有这些都将这样输出:

_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 3.5.3
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: http://example.com/
[+] Started: Mon Jun 24 15:21:34 2019

Interesting Finding(s):

[+] http://example.com/
 | Interesting Entries:
 |  - X-Powered-By: PHP/5.4.39
 |  - X-LiteSpeed-Cache: hit
 |  - Server: LiteSpeed
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] http://example.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] http://example.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Upload directory has listing enabled: http://example.com/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] http://example.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.4.18 identified (Latest, released on 2019-03-13).
 | Detected By: Rss Generator (Aggressive Detection)
 |  - http://example.com/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>
 |  - http://example.com/comments/feed/, <generator>https://wordpress.org/?v=4.4.18</generator>

[i] The main theme could not be detected.


[i] No plugins Found.


[i] Theme(s) Identified:

[+] twentyfifteen
 | Location: http://example.com/wp-content/themes/twentyfifteen/
 | Latest Version: 2.5
 | Last Updated: 2019-05-07T00:00:00.000Z
 | Readme: http://example.com/wp-content/themes/twentyfifteen/readme.txt
 | Style URL: http://example.com/wp-content/themes/twentyfifteen/style.css
 | Style Name: Twenty Fifteen
 | Style URI: https://wordpress.org/themes/twentyfifteen/
 | Description: Our 2015 default theme is clean, blog-focused, and designed for clarity. Twenty Fifteen's simple, st...
 | Author: the WordPress team
 | Author URI: https://wordpress.org/
 |
 | Detected By: Known Locations (Aggressive Detection)
 |
 | [!] 1 vulnerability identified:
 |
 | [!] Title: Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
 |     Fixed in: 1.2
 |     References:
 |      - https://wpvulndb.com/vulnerabilities/7965
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3429
 |      - https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html
 |      - http://packetstormsecurity.com/files/131802/
 |      - http://seclists.org/fulldisclosure/2015/May/41
 |
 | The version could not be determined.


[i] No Timthumbs Found.


[i] No Config Backups Found.


[i] No DB Exports Found.


[i] User(s) Identified:

[+] admin
 | Detected By: Rss Generator (Aggressive Detection)
 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)


[+] Finished: Tue Jun 25 00:41:37 2019
[+] Requests Done: 2970
[+] Cached Requests: 5
[+] Data Sent: 898.095 KB
[+] Data Received: 1.64 MB
[+] Memory used: 191.84 MB
[+] Elapsed time: 09:20:03

问题是Jetpack和wordpress-seo易损性缺失,我不知道它们去了哪里,我是否缺少某些东西?任何人都可以帮助我,非常感谢!

0 个答案:

没有答案
相关问题
最新问题