2015-09-04 85 views
0

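nmap WordPress script scan returns no results

I want to scan a WordPress site using the following nmap scripts: http-wordpress-enum.nse and http-wordpress-plugins.nse.

To access this WordPress site, you have to go to the following link: http://192.168.0.1/wp/

I am unable to run these nmap scripts against this host. When you run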

nmap -p80 --script http-wordpress-plugins.nse 192.168.0.1 

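no results are returned, even though I know there are plugins installed. Is it because the URL nmap scans is http://192.168.0.1 rather than http://192.168.0.1/wp/? So nmap just sees that there is no actual WordPress site and terminates the scan? Does anyone have a suggestion for how to solve this?

Thank you in advance

Answer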

0

You should use the http-wordpress-plugins.root script argument to specify the "/wp/" path. In your case, like this:

nmap -p80 --script http-wordpress-plugins.nse --script-args http-wordpress-plugins.root="/wp/" 192.168.0.1 

Quoting the source code of the http-wordpress-plugins.nse script (/usr/share/nmap/scripts/http-wordpress-plugins.nse):

description = [[ 
Tries to obtain a list of installed WordPress plugins by brute force 
testing for known plugins. 

The script will brute force the /wp-content/plugins/ folder with a dictionary 
of 14K (and counting) known WP plugins. Anything but a 404 means that a given 
plugin directory probably exists, so the plugin probably also does. 

The available plugins for Wordpress is huge and despite the efforts of Nmap to 
parallelize the queries, a whole search could take an hour or so. That's why 
the plugin list is sorted by popularity and by default the script will only 
check the first 100 ones. Users can tweak this with an option (see below). 
]] 

--- 
-- @args http-wordpress-plugins.root If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root. 
-- @args http-wordpress-plugins.search As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default. 
-- Use this option with a number or "all" as an argument for a more comprehensive brute force. 
-- 
-- @usage 
-- nmap --script=http-wordpress-plugins --script-args http-wordpress-plugins.root="/blog/",http-wordpress-plugins.search=500 <targets> 
-- 
-- @output
-- Interesting ports on my.woot.blog (123.123.123.123): 
-- PORT STATE SERVICE REASON 
-- 80/tcp open http syn-ack 
-- | http-wordpress-plugins: 
-- | search amongst the 500 most popular plugins 
-- | akismet 
-- | wp-db-backup 
-- | all-in-one-seo-pack 
-- | stats 
-- |_ wp-to-twitter 

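Be warned, though, that nmap does its best using a mix of heuristics, known vulnerabilities and brute force. A negative result does not mean "something does not exist, 100% sure". It only means "nmap could not find it", which may be because the host is well protected (e.g. sensibly configured services, firewall, IDS ...).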

+0

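This is also documented on the NSE portal: https://nmap.org/nsedoc/scripts/http-wordpress-enum.html. If you are only using a few related scripts, you can leave the script name off the argument and they will all share it: '--script-args root=/wp/' – bonsaiviking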
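The script description quoted in the answer (directory requests under the blog root's /wp-content/plugins/, anything but a 404 treated as "plugin exists") leaves a recognisable pattern in the web server's access log. The following is an added example, not part of the original thread or of nmap: it assumes combined-log-format lines, and the function name, thresholds and sample log lines are hypothetical and constructed for illustration.

```python
import re
from collections import defaultdict

# Combined-log-format line: client IP, request path, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Directory-level probe: <blog root>/wp-content/plugins/<plugin>/ (asset URLs are ignored).
PROBE_RE = re.compile(r'^(?P<root>.*)/wp-content/plugins/(?P<plugin>[^/?]+)/?$')

def find_plugin_enumeration(lines, min_plugins=5, min_404_ratio=0.5):
    """Flag clients that probe many distinct plugin directories and mostly get 404."""
    seen = defaultdict(lambda: {"roots": set(), "probed": set(), "found": set(), "misses": 0, "total": 0})
    for line in lines:
        req = LOG_RE.match(line)
        probe = PROBE_RE.match(req["path"]) if req else None
        if not probe:
            continue
        rec = seen[req["ip"]]
        rec["roots"].add(probe["root"] + "/")
        rec["probed"].add(probe["plugin"])
        rec["total"] += 1
        if req["status"] == "404":
            rec["misses"] += 1
        else:  # per the script description, anything but a 404 reads as "plugin exists"
            rec["found"].add(probe["plugin"])
    return {
        ip: {"roots": sorted(r["roots"]), "probed": len(r["probed"]), "found": sorted(r["found"])}
        for ip, r in seen.items()
        if len(r["probed"]) >= min_plugins and r["misses"] / r["total"] >= min_404_ratio
    }

def _line(ip, path, status):  # builds one constructed access-log line
    return f'{ip} - - [04/Sep/2015:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 0 "-" "-"'

# Constructed sample: 192.0.2.10 walks a plugin list under /wp/, 198.51.100.7 is a normal visitor.
_PROBES = {"akismet": 200, "wp-db-backup": 404, "all-in-one-seo-pack": 404, "stats": 404,
           "wp-to-twitter": 403, "example-a": 404, "example-b": 404, "example-c": 404}
SAMPLE_LOG = [_line("192.0.2.10", f"/wp/wp-content/plugins/{p}/", s) for p, s in _PROBES.items()]
SAMPLE_LOG += [_line("198.51.100.7", "/wp/", 200),
               _line("198.51.100.7", "/wp/wp-content/plugins/akismet/style.css", 200)]

if __name__ == "__main__":
    for ip, info in find_plugin_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The "found" list is what such a scan would have reported, so it doubles as an inventory of plugin directories that answer with something other than 404.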