WPScan - A Black Box WordPress Vulnerability Scanner


WordPress is everywhere on the web; it is the most popular and most widely deployed content management system (CMS) there is. Is your website or blog powered by WordPress? Then be aware that its popularity makes it a constant target: attackers scan for and attack WordPress sites around the clock, and a site running an outdated core, theme or plugin is the easiest kind to find.

The first step towards securing your website or blog is a vulnerability assessment. This is simply the process of identifying common, publicly known security weaknesses in your site or in the software it is built on.

In this article we show you how to install and use WPScan, a free black box scanner written for security professionals and site maintainers to test the security of their own WordPress sites. Black box here means it works from the outside, with no access to the server, exactly as an attacker would.

How to Install WPScan on Linux Systems

The recommended way to install and run WPScan is the official Docker image; it saves you from most installation problems (mainly Ruby dependency issues) and keeps the scanner isolated from the rest of your system.

You need curl to download the shell script that adds the Docker repository to your system and installs the required packages. Note that it is the script, not curl, that needs root, so sudo belongs on the sh side of the pipe. Piping a remote script straight into a root shell is convenient but worth a moment's care: if you prefer, save it first (curl -fsSL https://get.docker.com -o get-docker.sh), read it, and only then run it with sudo.

$ curl -fsSL https://get.docker.com | sudo sh

Once Docker is installed, start the service, enable it to start automatically at boot, and check that it is up and running:

$ sudo systemctl start docker
$ sudo systemctl enable docker
$ sudo systemctl status docker

Next, pull the WPScan Docker image with the following command.

$ docker pull wpscanteam/wpscan

Once the WPScan image has downloaded, you can list the Docker images on your system with the following command.

$ docker images

In the output you should see the image wpscanteam/wpscan, which is the one used in the next section.

How to Perform a WordPress Vulnerability Scan Using WPScan

The simplest way to run a vulnerability scan with WPScan is to give it the URL of your WordPress site, as shown (replace www.example.com with the URL of your site). The --rm flag tells Docker to remove the container when the scan finishes, so repeated scans do not leave stopped containers behind.

$ docker run --rm wpscanteam/wpscan --url www.example.com

WPScan starts by looking for interesting HTTP headers such as Server (web server type and version) and X-Powered-By (PHP version); it also looks for exposed APIs, the RSS feed and user names it can discover from the site.

It then fingerprints the WordPress version and checks whether it is current and whether any known vulnerabilities are recorded for the detected version. It also tries to identify the theme and the installed plugins and whether they are out of date. One caveat for current releases: WPScan fetches vulnerability details from the WPScan vulnerability database only when you pass an API token with --api-token (a free tier is available from wpscan.com after registering); without a token you still get the version, theme, plugin and user enumeration, but not the list of vulnerabilities matching them.

You can run a password brute-force attack against the enumerated users with 30 threads using the following command. --passwords (-P) names the wordlist and --max-threads (-t) sets the number of threads. These are the WPScan 3.x option names, which the current Docker image ships; the older 2.x release called them --wordlist and --threads. Only do this against sites you are authorised to test: it generates one login attempt per candidate password, which is noisy in the server logs and can trip login lock-out or rate-limiting plugins. Also note that the wordlist path is resolved inside the container, so a file on your host is not visible to WPScan unless you mount it as shown further down in this section.

$ docker run --rm wpscanteam/wpscan --url www.example.com --passwords wordlist_file.txt --max-threads 30

To brute-force the password of the admin user only, pass the user name with --usernames (-U); the same flag takes a comma-separated list if you want to target several accounts.

$ docker run --rm wpscanteam/wpscan --url www.example.com --passwords wordlist_file.txt --usernames admin

Because the container cannot see files on your host, the form you will actually use is to bind-mount the directory holding your wordlist into the container (read-only with :ro) and point --passwords at the mounted path. -it attaches an interactive terminal and --rm removes the container when the attack ends.

$ docker run -it --rm -v ~/wordlists:/wordlists:ro wpscanteam/wpscan --url www.example.com --passwords /wordlists/wordlist_file.txt --usernames admin

To enumerate installed plugins, run the following command (p checks for popular plugins; vp limits the check to plugins with known vulnerabilities and ap tries all plugins in WPScan's list, which is far slower and noisier).

$ docker run --rm wpscanteam/wpscan --url www.example.com --enumerate p

If enumerating installed plugins is not enough, --enumerate with no argument runs WPScan's default set of enumeration checks (vulnerable plugins and themes, TimThumb files, configuration backups, database exports, users and media), as shown.

$ docker run --rm wpscanteam/wpscan --url www.example.com --enumerate

To keep the full output for later analysis, run in verbose mode and redirect both standard output and standard error to a file on the host (write it on the host, not inside the container, since --rm discards the container's filesystem when the scan ends). For machine-readable results, -f json switches the report format to JSON and -o names an output file. The older WPScan 2.x release used a --debug-output flag for this purpose, which the current release no longer has.

$ docker run --rm wpscanteam/wpscan --url www.example.com --verbose > wpscan.log 2>&1
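The scan, brute-force, enumeration and output steps above are all variations on one docker run command line, and the result you want from any of them is a short list of what is out of date. The following Python script is an added example, not code from the original article or from the WPScan project: it builds the docker run command line in one place (with --rm, a read-only bind mount of the wordlist directory so the file is visible inside the container, and WPScan 3.x option names), and it reduces the JSON report WPScan prints with -f json to the items a reviewer triages first, namely outdated or vulnerable core, plugins and themes, plus the user names enumerated. The option names and the JSON key layout (version, plugins, themes, main_theme, users, outdated, latest_version, vulnerabilities) are assumptions from WPScan 3.x as I recall them, and the embedded report is constructed sample data, not real scan output, so confirm the parser against a report from your own scan before relying on it.

```python
"""Added example (not from the original article or the WPScan project).

Builds the `docker run ... wpscanteam/wpscan ...` command line and parses
the JSON report WPScan prints with `-f json`.

Assumptions: WPScan 3.x option names (--passwords, --usernames,
--max-threads, --enumerate, --api-token, -f json) and the JSON key layout
as I recall it. SAMPLE_REPORT below is constructed test data.
"""
import json
import os
import subprocess

IMAGE = "wpscanteam/wpscan"
CONTAINER_WORDLIST_DIR = "/wordlists"   # mount point inside the container


def build_wpscan_cmd(url, wordlist=None, usernames=None, enumerate=None,
                     threads=None, api_token=None):
    """Return the argv list for a docker run of WPScan (JSON report on stdout).

    `wordlist` is a host path: its directory is bind-mounted read-only into
    the container, because the container cannot see host files otherwise.
    """
    docker = ["docker", "run", "--rm"]
    wpscan = ["--url", url, "-f", "json"]
    if wordlist:
        host_dir = os.path.dirname(os.path.abspath(wordlist))
        docker += ["-v", f"{host_dir}:{CONTAINER_WORDLIST_DIR}:ro"]
        wpscan += ["--passwords",
                   f"{CONTAINER_WORDLIST_DIR}/{os.path.basename(wordlist)}"]
    if usernames:
        wpscan += ["--usernames", ",".join(usernames)]
    if enumerate:
        wpscan += ["--enumerate", enumerate]
    if threads:
        wpscan += ["--max-threads", str(threads)]
    if api_token:   # required for vulnerability data from the WPScan database
        wpscan += ["--api-token", api_token]
    return docker + [IMAGE] + wpscan


def _triage(name, info):
    """Return a finding dict if the component is outdated or has vulns, else None."""
    version = info.get("version") or {}
    vulns = [v.get("title", "untitled") for v in (info.get("vulnerabilities") or [])]
    outdated = bool(info.get("outdated")) or version.get("status") in ("outdated", "insecure")
    if not (outdated or vulns):
        return None
    return {"component": name, "version": version.get("number"),
            "latest": info.get("latest_version"), "outdated": outdated,
            "vulnerabilities": vulns}


def summarize_report(report_text):
    """Reduce a WPScan JSON report to the findings worth acting on."""
    report = json.loads(report_text)
    findings = []
    core = report.get("version")
    if core:   # core version carries its status/vulns at the top level
        findings.append(_triage("wordpress-core", {
            "version": core, "vulnerabilities": core.get("vulnerabilities")}))
    for slug, plugin in (report.get("plugins") or {}).items():
        findings.append(_triage(f"plugin:{slug}", plugin))
    themes = dict(report.get("themes") or {})
    main_theme = report.get("main_theme")
    if main_theme:
        themes.setdefault(main_theme.get("slug", "main"), main_theme)
    for slug, theme in themes.items():
        findings.append(_triage(f"theme:{slug}", theme))
    return {
        "target": report.get("target_url"),
        "findings": [f for f in findings if f],
        "users": sorted(report.get("users") or {}),
    }


def run_scan(url, **options):
    """Run WPScan through Docker and return the summary (needs Docker and network)."""
    proc = subprocess.run(build_wpscan_cmd(url, **options), capture_output=True, text=True)
    # WPScan's exit status also encodes scan results (as I recall; check
    # wpscan --help), so inspect stdout instead of using check=True.
    if not proc.stdout.strip():
        raise RuntimeError(f"wpscan produced no report: {proc.stderr.strip()}")
    return summarize_report(proc.stdout)


# Constructed sample report (not real scan output) so the parser runs offline.
SAMPLE_REPORT = json.dumps({
    "target_url": "http://www.example.com/",
    "version": {"number": "5.2.3", "status": "outdated", "vulnerabilities": []},
    "main_theme": {"slug": "twentynineteen", "version": {"number": "1.4"},
                   "latest_version": "1.4", "outdated": False, "vulnerabilities": []},
    "plugins": {
        "contact-form-7": {"slug": "contact-form-7", "version": {"number": "5.1.3"},
                           "latest_version": "5.1.6", "outdated": True,
                           "vulnerabilities": [{"title": "constructed placeholder, not a real advisory"}]},
        "akismet": {"slug": "akismet", "version": {"number": "4.1.2"},
                    "latest_version": "4.1.2", "outdated": False, "vulnerabilities": []},
    },
    "users": {"admin": {"id": 1, "confidence": 100}, "editor": {"id": 2, "confidence": 60}},
})

if __name__ == "__main__":
    print(" ".join(build_wpscan_cmd("www.example.com", wordlist="/tmp/wordlists/rockyou.txt",
                                    usernames=["admin"], threads=30)))
    print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
```

Run it as-is to see the generated command line and the triage of the constructed report; call run_scan("https://www.example.com", api_token="...") on a host with Docker and network access to scan a site you are authorised to test. Keeping the command builder separate from the parser means the same triage code works on a report saved earlier with -o.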

Last but not least, you can update WPScan's local vulnerability and fingerprint data with the following command. Remember that this refreshes the data files only; to get a newer WPScan release itself, pull the image again with docker pull wpscanteam/wpscan.

$ docker run --rm wpscanteam/wpscan --update

You can view the Docker and WPScan help messages with these commands (WPScan's --hh prints the full option list, -h only a summary).

$ docker -h
$ docker run --rm wpscanteam/wpscan -h

WPScan GitHub repository: https://github.com/wpscanteam/wpscan

That's all for now. WPScan is a powerful black box WordPress vulnerability scanner that belongs in your web security toolkit, remembering that it should only ever be pointed at sites you own or are authorised to test. In this guide we showed how to install and use WPScan with some basic examples. Ask any questions or share your thoughts with us in the comments.