WPSeku - Vulnerability Scanner to Find Security Issues in WordPress

WordPress is a free, open-source and highly customizable content management system (CMS) that millions of people around the world use to run blogs and fully functional websites. Because it is the most widely used CMS out there, there are many potential WordPress security issues to worry about.

However, these security issues can be dealt with if we follow common WordPress security best practices. In this article, we will show you how to use WPSeku, a WordPress vulnerability scanner for Linux, which can be used to find security holes in your WordPress installation and block potential threats.

WPSeku is a simple WordPress vulnerability scanner written in Python; it can be used to scan local and remote WordPress installations to find security issues.

How to Install WPSeku - WordPress Vulnerability Scanner in Linux

To install WPSeku in Linux, you need to clone the latest version of WPSeku from its Github repository as shown.

$ cd ~
$ git clone https://github.com/m4ll0k/WPSeku

Once you have obtained it, move into the WPSeku directory and run it as follows.

$ cd WPSeku

Now run WPSeku using the -u option to specify the URL of your WordPress installation, like this.

$ ./wpseku.py -u http://yourdomain.com

The command below will search for cross-site scripting, local file inclusion and SQL injection vulnerabilities in your WordPress plugins using the -p option; you need to specify the location of the plugin in the URL:

$ ./wpseku.py -u http://yourdomain.com/wp-content/plugins/wp/wp.php?id= -p [x,l,s]

The following command will perform a brute-force password login and a password login via XML-RPC using the -b option. You can also set the username and wordlist using the --user and --wordlist options, as shown below.

$ ./wpseku.py -u http://yourdomain.com --user username --wordlist wordlist.txt -b [l,x]
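On the server side, the login and XML-RPC brute-force checks above appear as a burst of POST requests to wp-login.php and xmlrpc.php from one source. The following Python script is an added example, not part of this article or of the WPSeku project: it parses combined-format (Apache/Nginx) access log lines, counts such POSTs per source IP and flags sources that exceed an assumed threshold, so you can tell from your own logs whether a site is being probed this way. The log lines and the threshold of 5 are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Endpoints WPSeku's -b [l,x] option hits: the login form and XML-RPC.
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample log; 203.0.113.7 plays the scanner, 198.51.100.4 a normal visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3125
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3125
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 452
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 452
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-content/plugins/wp/wp.php?id=1 HTTP/1.1" 200 1201
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3125
"""


def parse_line(line):
    """Return (ip, method, path) for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # drop any query string
    return m.group("ip"), m.group("method"), path


def count_login_posts(log_text):
    """Count POST requests to the login and XML-RPC endpoints per source IP."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, path = parsed
        if method == "POST" and path in LOGIN_ENDPOINTS:
            counts[ip] += 1
    return dict(counts)


def flag_bruteforce(log_text, threshold=5):
    """Return the IPs whose login/XML-RPC POST count reaches the (assumed) threshold."""
    return sorted(ip for ip, n in count_login_posts(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip in flag_bruteforce(SAMPLE_LOG):
        print(f"possible credential brute force from {ip}")
```

On a real server, feed it the access log and tune the threshold to the login rate you expect; legitimate users rarely POST to these endpoints more than a few times a minute.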

To view all WPSeku usage options, type:

$ ./wpseku.py --help

WPSeku Github repository: https://github.com/m4ll0k/WPSeku

That's all! In this article, we showed you how to get and use WPSeku to scan for WordPress vulnerabilities in Linux. WordPress is secure, but only if we follow WordPress security best practices. Do you have any thoughts to share? If so, use the comment section below.