[Script] Recherche de vulnérabilité pour Wordpress

Recherche de vulnérabilité pour WordPress

Ce script a été trouvé sur le site de cyrill-gremaud et testé sur Ubuntu.

Quelques soucis a l’exécution qui seront détaillés ci dessous.

Le chemin d’installation était anglophone, je l’ai également corrigé.

Crée le fichier, son contenu et lui donner des droits

$ vim <span class="crayon-v">install</span><span class="crayon-o">-</span><span class="crayon-v">wpscan</span><span class="crayon-e">.sh</span>

1	$ vim <span class="crayon-v">install</span><span class="crayon-o">-</span><span class="crayon-v">wpscan</span><span class="crayon-e">.sh</span>

#!/bin/sh
 
# Installing wpscan on Ubuntu
# @author : Cyrill Gremaud (www.cyrill-gremaud.ch)
# @date : 24th february 2018
# @source : https://www.cyrill-gremaud.ch/install-wpscan-on-ubuntu
# @version : 1.0
 
#global variables
GREEN='\033[0;32m'
NC='\033[0m'
 
#print info
printf "${GREEN}***************************************************************************\n"
printf "THIS SCRIPT INSTALLS WPSCAN AUTOMATICALY ON DEBIAN BASED DISTRIBUTION\n"
printf "${GREEN}***************************************************************************\n"
 
#update the sources and install requirements
printf "${GREEN} => installing dependencies\n${NC}"
sudo apt update > /dev/null 2>&1
sudo apt install git libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev --yes > /dev/null 2>&1
 
#download wpscan from github
printf "${GREEN} => download wpscan sources (from github)\n${NC}"
cd /home/$USER/Bureau
git clone https://github.com/wpscanteam/wpscan.git > /dev/null 2>&1
cd wpscan/
 
#install ruby
printf "${GREEN} => install Ruby 2.5.0\n${NC}"
rvm install "ruby-2.5.0\n" > /dev/null 2>&1
 
#install wpscan
printf "${GREEN} => install bundler and wpscan\n${NC}"
gem install bundler > /dev/null 2>&1
bundle install --without test development > /dev/null 2>&1
 
#update wpscan
printf "${GREEN} => update wpscan databases\n${NC}"
ruby wpscan.rb --update > /dev/null 2>&1
 
#start wpscap
printf "${GREEN} => Start wpscan for you\n${NC}"
ruby wpscan.rb --help

#!/bin/sh

# Installing wpscan on Ubuntu

# @author : Cyrill Gremaud (www.cyrill-gremaud.ch)

# @date : 24th february 2018

# @source : https://www.cyrill-gremaud.ch/install-wpscan-on-ubuntu

# @version : 1.0

#global variables

GREEN='\033[0;32m'

NC='\033[0m'

#print info

printf "${GREEN}***************************************************************************\n"

printf "THIS SCRIPT INSTALLS WPSCAN AUTOMATICALY ON DEBIAN BASED DISTRIBUTION\n"

printf "${GREEN}***************************************************************************\n"

#update the sources and install requirements

printf "${GREEN} => installing dependencies\n${NC}"

sudo apt update > /dev/null 2>&1

sudo apt install git libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev --yes > /dev/null 2>&1

#download wpscan from github

printf "${GREEN} => download wpscan sources (from github)\n${NC}"

cd /home/$USER/Bureau

git clone https://github.com/wpscanteam/wpscan.git > /dev/null 2>&1

cd wpscan/

#install ruby

printf "${GREEN} => install Ruby 2.5.0\n${NC}"

rvm install "ruby-2.5.0\n" > /dev/null 2>&1

#install wpscan

printf "${GREEN} => install bundler and wpscan\n${NC}"

gem install bundler > /dev/null 2>&1

bundle install --without test development > /dev/null 2>&1

#update wpscan

printf "${GREEN} => update wpscan databases\n${NC}"

ruby wpscan.rb --update > /dev/null 2>&1

#start wpscap

printf "${GREEN} => Start wpscan for you\n${NC}"

ruby wpscan.rb --help

<span class="crayon-r">$ chmod</span> <span class="crayon-o">+</span><span class="crayon-i">x</span> <span class="crayon-v">install</span><span class="crayon-o">-</span><span class="crayon-v">wpscan</span><span class="crayon-e">.sh</span>

1	<span class="crayon-r">$ chmod</span> <span class="crayon-o">+</span><span class="crayon-i">x</span> <span class="crayon-v">install</span><span class="crayon-o">-</span><span class="crayon-v">wpscan</span><span class="crayon-e">.sh</span>

Pour l’exécution et l’installation du script

$ <span class="crayon-sy">.</span><span class="crayon-o">/</span><span class="crayon-v">install</span><span class="crayon-o">-</span><span class="crayon-v">wpscan</span><span class="crayon-e">.sh</span>

1	$ <span class="crayon-sy">.</span><span class="crayon-o">/</span><span class="crayon-v">install</span><span class="crayon-o">-</span><span class="crayon-v">wpscan</span><span class="crayon-e">.sh</span>

L’erreur rencontré a l’exécution

***************************************************************************
THIS SCRIPT INSTALLS WPSCAN AUTOMATICALY ON DEBIAN BASED DISTRIBUTION
***************************************************************************
=> installing dependencies
=> download wpscan sources (from github)
=> install Ruby 2.5.0
=> install bundler and wpscan
=> update wpscan databases
=> Start wpscan for you
<strong>Could not find ffi-1.9.25 in any of the sources</strong>
<strong>Run `bundle install` to install missing gems.</strong>

***************************************************************************

THIS SCRIPT INSTALLS WPSCAN AUTOMATICALY ON DEBIAN BASED DISTRIBUTION

***************************************************************************

=> installing dependencies

=> download wpscan sources (from github)

=> install Ruby 2.5.0

=> install bundler and wpscan

=> update wpscan databases

=> Start wpscan for you

Could not find ffi-1.9.25 in any of the sources

Run `bundle install` to install missing gems.

Il faut installer le paquet brew

$ sudo apt install linuxbrew-wrapper

1	$ sudo apt install linuxbrew-wrapper

Un fois l’installation complète, lancer wpscan avec différents arguments.

–update pour le mettre a jour

<span style="color: #99cc00;">bef@lnx</span>:<span style="color: #0000ff;">~/Bureau/wpscan</span>$ ruby wpscan.rb --update

1	<span style="color: #99cc00;">bef@lnx</span>:<span style="color: #0000ff;">~/Bureau/wpscan</span>$ ruby wpscan.rb --update

_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.9.5-dev
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

<span style="color: #3366ff;">[i]</span> Updating the Database ...
<span style="color: #3366ff;">[i]</span> Update completed

_______________________________________________________________

__ _______ _____

\ \ / / __ \ / ____|

\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®

\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \

\ /\ / | | ____) | (__| (_| | | | |

\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team

Version 2.9.5-dev

Sponsored by Sucuri - https://sucuri.net

@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

_______________________________________________________________

[i] Updating the Database ...

[i] Update completed

Les autres arguments

Scanner le site web a la recherche de vulnérabilité

$ ruby wpscan.rb --url <strong>nom_du_site</strong>

1	$ ruby wpscan.rb --url <strong>nom_du_site</strong>

Scanner le site web plus profondément

$ ruby wpscan.rb --url <strong>nom_du_site</strong> --enumerate

1	$ ruby wpscan.rb --url <strong>nom_du_site</strong> --enumerate

Pour plus d’infos concernant ces 2 derniers, je renvoi vers excellent article de Guillaume qui détaille bien les différentes détections..

Articles lus : 1 198

No votes yet.

Please wait...

Laisser un commentaire Annuler la réponse