Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

wpscan

help

	-Further help ...
	ruby wpscan.rb --help

	-Do 'non-intrusive' checks ...
	ruby wpscan.rb --url www.example.com

	-Do wordlist password brute force on enumerated users using 50 threads ...
	ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

	-Do wordlist password brute force on the 'admin' username only ...
	ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

	-Enumerate installed plugins ...
	ruby wpscan.rb --url www.example.com --enumerate p

	-Enumerate installed themes ...
	ruby wpscan.rb --url www.example.com --enumerate t

	-Enumerate users ...
	ruby wpscan.rb --url www.example.com --enumerate u

	-Enumerate installed timthumbs ...
	ruby wpscan.rb --url www.example.com --enumerate tt

	-Use a HTTP proxy ...
	ruby wpscan.rb --url www.example.com --proxy 127.0.0.1:8118

	-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
	ruby wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000

	-Use custom content directory ...
	ruby wpscan.rb -u www.example.com --wp-content-dir custom-content

	-Use custom plugins directory ...
	ruby wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins

	-Update ...
	ruby wpscan.rb --update

	-Debug output ...
	ruby wpscan.rb --url www.example.com --debug-output 2>debug.log

WpScan Example

 wpscan --url https://6holeocarina.com
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22

       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

[+] URL: https://6holeocarina.com/ [162.243.46.68]
[+] Started: Wed Dec 28 17:27:43 2022

Interesting Finding(s):

[+] Headers
 | Interesting Entry: Server: Apache
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://6holeocarina.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://6holeocarina.com/xmlrpc.php
 | Found By: Link Tag (Passive Detection)
 | Confidence: 100%
 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://6holeocarina.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://6holeocarina.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.5.11 identified (Outdated, released on 0001-01-01).
 | Found By: Rss Generator (Passive Detection)
 |  - https://6holeocarina.com/feed/, <generator>https://wordpress.org/?v=5.5.11</generator>
 |  - https://6holeocarina.com/sitemap/feed/, <generator>https://wordpress.org/?v=5.5.11</generator>

[+] WordPress theme in use: thesis
 | Location: https://6holeocarina.com/wp-content/themes/thesis/
 | Style URL: https://6holeocarina.com/wp-content/themes/thesis/style.css
 | Style Name: Thesis
 | Style URI: https://diythemes.com/thesis/
 | Description: The only <strong>modular template and design system for WordPress</strong> delivers unmatched speed ...
 | Author: Chris Pearson
 | Author URI: https://pearsonified.com/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 2.9.12 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://6holeocarina.com/wp-content/themes/thesis/style.css, Match: 'Version:     2.9.12'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] contact-form-7
 | Location: https://6holeocarina.com/wp-content/plugins/contact-form-7/
 | Last Updated: 2022-12-28T04:24:00.000Z
 | [!] The version is out of date, the latest version is 5.7.2
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 5.3 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 |  - https://6holeocarina.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
 |  - https://6holeocarina.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
 | Confirmed By: Readme - Stable Tag (Aggressive Detection)
 |  - https://6holeocarina.com/wp-content/plugins/contact-form-7/readme.txt

[+] google-analytics-dashboard-for-wp
 | Location: https://6holeocarina.com/wp-content/plugins/google-analytics-dashboard-for-wp/
 | Last Updated: 2022-12-12T18:40:00.000Z
 | [!] The version is out of date, the latest version is 7.11.0
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By:
 |  Urls In 404 Page (Passive Detection)
 |  Comment (Passive Detection)
 |
 | Version: 6.3.0 (100% confidence)
 | Found By: Comment (Passive Detection)
 |  - https://6holeocarina.com/, Match: 'Analytics by ExactMetrics plugin v6.3.0'
 | Confirmed By:
 |  Readme - Stable Tag (Aggressive Detection)
 |   - https://6holeocarina.com/wp-content/plugins/google-analytics-dashboard-for-wp/readme.txt
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - https://6holeocarina.com/wp-content/plugins/google-analytics-dashboard-for-wp/readme.txt

[+] simple-sitemap
 | Location: https://6holeocarina.com/wp-content/plugins/simple-sitemap/
 | Last Updated: 2022-07-15T09:44:00.000Z
 | [!] The version is out of date, the latest version is 3.5.7
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 3.5 (80% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://6holeocarina.com/wp-content/plugins/simple-sitemap/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:02 <=========================> (137 / 137) 100.00% Time: 00:00:02

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Wed Dec 28 17:27:50 2022
[+] Requests Done: 196
[+] Cached Requests: 7
[+] Data Sent: 41.094 KB
[+] Data Received: 19.77 MB
[+] Memory used: 243.102 MB
[+] Elapsed time: 00:00:07