2015-09-04 100 views
0

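nmap WordPress script scan returns no results

I want to scan a WordPress site using the following nmap scripts: http-wordpress-enum.nse and http-wordpress-plugins.nse.

To access this WordPress site, you have to go to the following link: http://192.168.0.1/wp/

I am unable to run these nmap scripts against this host. When you run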

nmap -p80 --script http-wordpress-plugins.nse 192.168.0.1 

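no results are returned, even though I know there are plugins installed. Is it because nmap scans the URL http://192.168.0.1 and not http://192.168.0.1/wp/? So nmap just sees that there is no actual WordPress site and terminates the scan? Does anyone have a suggestion on how to fix this?

Thank you in advance

Answer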

0

You should use the http-wordpress-plugins.root script argument to specify the "/wp/" path. In your case, it looks like this:

nmap -p80 --script http-wordpress-plugins.nse --script-args http-wordpress-plugins.root="/wp/" 192.168.0.1 

Quoting the source code of the http-wordpress-plugins.nse script (/usr/share/nmap/scripts/http-wordpress-plugins.nse):

description = [[ 
Tries to obtain a list of installed WordPress plugins by brute force 
testing for known plugins. 

The script will brute force the /wp-content/plugins/ folder with a dictionary 
of 14K (and counting) known WP plugins. Anything but a 404 means that a given 
plugin directory probably exists, so the plugin probably also does. 

The available plugins for Wordpress is huge and despite the efforts of Nmap to 
parallelize the queries, a whole search could take an hour or so. That's why 
the plugin list is sorted by popularity and by default the script will only 
check the first 100 ones. Users can tweak this with an option (see below). 
]] 

--- 
-- @args http-wordpress-plugins.root If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root. 
-- @args http-wordpress-plugins.search As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default. 
-- Use this option with a number or "all" as an argument for a more comprehensive brute force. 
-- 
-- @usage 
-- nmap --script=http-wordpress-plugins --script-args http-wordpress-plugins.root="/blog/",http-wordpress-plugins.search=500 <targets> 
-- 
-- @output
-- Interesting ports on my.woot.blog (123.123.123.123): 
-- PORT STATE SERVICE REASON 
-- 80/tcp open http syn-ack 
-- | http-wordpress-plugins: 
-- | search amongst the 500 most popular plugins 
-- | akismet 
-- | wp-db-backup 
-- | all-in-one-seo-pack 
-- | stats 
-- |_ wp-to-twitter 

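Be warned, though, that nmap does its best using a mix of heuristics, known vulnerabilities and brute force. A negative result does not mean "something is not there, 100% certain". It just means "nmap could not find it", which may be because the host is well protected (e.g. sensibly configured services, firewall, IDS ...)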

+0

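This is also documented on the NSE portal: https://nmap.org/nsedoc/scripts/http-wordpress-enum.html. If you are using just a few related scripts, you can leave the script name off the argument and they will all share it: '--script-args root=/wp/' – bonsaiviking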
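
The script description quoted in the answer says the scan requests known plugin names under /wp-content/plugins/ beneath the blog root and treats anything but a 404 as a hit. Seen from the web server, that pattern stands out in the access log; the following is an added example, not part of the original thread or of Nmap, and its log lines, function names and thresholds are constructed assumptions:

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format), not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Sep/2015:10:00:01 +0000] "GET /wp/wp-content/plugins/akismet/ HTTP/1.1" 200 512
10.0.0.5 - - [04/Sep/2015:10:00:01 +0000] "GET /wp/wp-content/plugins/wp-db-backup/ HTTP/1.1" 404 210
10.0.0.5 - - [04/Sep/2015:10:00:01 +0000] "GET /wp/wp-content/plugins/all-in-one-seo-pack/ HTTP/1.1" 404 210
10.0.0.5 - - [04/Sep/2015:10:00:02 +0000] "GET /wp/wp-content/plugins/stats/ HTTP/1.1" 404 210
10.0.0.5 - - [04/Sep/2015:10:00:02 +0000] "GET /wp/wp-content/plugins/wp-to-twitter/ HTTP/1.1" 403 199
10.0.0.5 - - [04/Sep/2015:10:00:02 +0000] "GET /wp/wp-content/plugins/contact-form-7/ HTTP/1.1" 404 210
10.0.0.9 - - [04/Sep/2015:10:05:00 +0000] "GET /wp/ HTTP/1.1" 200 8042
10.0.0.9 - - [04/Sep/2015:10:05:01 +0000] "GET /wp/wp-content/plugins/akismet/style.css HTTP/1.1" 200 931
"""

REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def plugin_probes(log_text, root="/wp/"):
    """Map client IP -> {plugin directory: status} for requests under <root>wp-content/plugins/."""
    prefix = root.rstrip("/") + "/wp-content/plugins/"
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m or not m["path"].startswith(prefix):
            continue  # unparsable line, or a request outside the plugin directory
        name = m["path"][len(prefix):].split("/", 1)[0]
        if name:
            seen[m["ip"]][name] = int(m["status"])
    return seen

def flag_enumeration(log_text, root="/wp/", min_names=5, min_miss_ratio=0.5):
    """Return {ip: (names_probed, names_not_404)} for clients that look like dictionary probing."""
    flagged = {}
    for ip, names in plugin_probes(log_text, root).items():
        misses = sum(1 for status in names.values() if status == 404)
        # Assumed thresholds: many distinct plugin names, most of them answered with 404.
        if len(names) >= min_names and misses / len(names) >= min_miss_ratio:
            found = sorted(n for n, status in names.items() if status != 404)
            flagged[ip] = (len(names), found)
    return flagged

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

The second element of each flagged entry is what the scanner learned: every plugin directory that answered with something other than a 404, including the 403 here.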