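nmap WordPress script scan returns no results

Time: 2015-09-04 05:07:17

Tags: wordpress arguments nmap

I am trying to scan a WordPress website using the following nmap scripts: http-wordpress-enum.nse and http-wordpress-plugins.nse.

To access this WordPress site, you have to go to the following link: http://192.168.0.1/wp/

I am unable to run these nmap scripts against this host. When you do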

nmap -p80 --script http-wordpress-plugins.nse 192.168.0.1

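no results are returned, even though I know plugins are installed. Is it because the URL nmap scans is http://192.168.0.1 rather than http://192.168.0.1/wp/? So nmap just sees that there is no real WordPress site there and terminates the scan? Does anyone have a suggestion on how to solve this?

Thanks in advance

1 answer:

Answer 0: (score: 0)

You should use the http-wordpress-plugins.root script argument to specify the "/wp/" path. In your case, something like: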

nmap -p80 --script http-wordpress-plugins.nse --script-args http-wordpress-plugins.root="/wp/"  192.168.0.1

Quoting the source code of the http-wordpress-plugins.nse script (/usr/share/nmap/scripts/http-wordpress-plugins.nse):

description = [[
Tries to obtain a list of installed WordPress plugins by brute force
testing for known plugins.

The script will brute force the /wp-content/plugins/ folder with a dictionary
of 14K (and counting) known WP plugins. Anything but a 404 means that a given
plugin directory probably exists, so the plugin probably also does.

The available plugins for Wordpress is huge and despite the efforts of Nmap to
parallelize the queries, a whole search could take an hour or so. That's why
the plugin list is sorted by popularity and by default the script will only
check the first 100 ones. Users can tweak this with an option (see below).
]]

---
-- @args http-wordpress-plugins.root If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root.
-- @args http-wordpress-plugins.search As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default.
-- Use this option with a number or "all" as an argument for a more comprehensive brute force.
--
-- @usage
-- nmap --script=http-wordpress-plugins --script-args http-wordpress-plugins.root="/blog/",http-wordpress-plugins.search=500 <targets>
--
--@output
-- Interesting ports on my.woot.blog (123.123.123.123):
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-wordpress-plugins:
-- | search amongst the 500 most popular plugins
-- |   akismet
-- |   wp-db-backup
-- |   all-in-one-seo-pack
-- |   stats
-- |_  wp-to-twitter

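However, note that nmap works on a best-effort basis, using various heuristics, known vulnerabilities and brute force. A negative result does not mean "something does not exist, 100% certain". It only means "nmap could not find it", which may be because the host is well protected (besides the services being sensibly configured, a firewall, IDS...)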
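
The root-path effect described in the answer, as an added example that is not part of the original answer and is not nmap's own code: a loopback test server with a constructed layout (WordPress under /wp/) is probed with the "anything but a 404" rule from the script description, once with root "/" and once with root "/wp/". The plugin names, status codes and the helper names probe and demo are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed layout: WordPress lives under /wp/, not under the web root.
EXISTING = {"/wp/wp-content/plugins/akismet/", "/wp/wp-content/plugins/stats/"}
CANDIDATES = ["akismet", "wp-db-backup", "stats"]  # constructed sample list


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Existing plugin directories answer 403 (listing denied); the rest 404.
        self.send_response(403 if self.path in EXISTING else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def probe(host, port, root, candidates):
    """Return candidates whose plugin directory under `root` is not a 404."""
    found = []
    for name in candidates:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", f"{root.rstrip('/')}/wp-content/plugins/{name}/")
        status = conn.getresponse().status
        conn.close()
        if status != 404:
            found.append(name)
    return found


def demo():
    # Bind to an ephemeral loopback port so the example runs offline.
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        return {root: probe(host, port, root, CANDIDATES) for root in ("/", "/wp/")}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

A server that answered 404 for plugin directories that do exist would give the same empty list for both roots, which is the false-negative case the answer's last paragraph describes.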
