This repository has been archived by the owner on Oct 14, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into zap-integration-tests
- Loading branch information
Showing
11 changed files
with
292 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,3 +6,5 @@ parserImage: | |
| scannerJob: | ||
| ttlSecondsAfterFinished: null | ||
| resources: {} | ||
| extraVolumes: [] | ||
| extraVolumeMounts: [] | ||
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| [ | ||
| { | ||
| "name": "WordPress Service", | ||
| "description": "WordPress Service Information", | ||
| "category": "WordPress Service", | ||
| "location": "http://old-wordpress.demo-apps.svc.cluster.local/", | ||
| "osi_layer": "APPLICATION", | ||
| "severity": "INFORMATIONAL", | ||
| "reference": {}, | ||
| "confidence": 100, | ||
| "attributes": { | ||
| "ip_address": "10.99.82.140", | ||
| "wpscan_version": "3.8.7", | ||
| "wpscan_requests": 4777, | ||
| "wp_version": "4.0.31", | ||
| "wp_release_date": "2020-06-10", | ||
| "wp_release_status": "latest", | ||
| "wp_interesting_entries": [ | ||
| "http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'" | ||
| ], | ||
| "wp_found_by": "Meta Generator (Passive Detection)", | ||
| "wp_confirmed_by": { | ||
| "Atom Generator (Aggressive Detection)": { | ||
| "confidence": 80, | ||
| "interesting_entries": [ | ||
| "http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, <generator uri=\"https://wordpress.org/\" version=\"4.0.31\">WordPress</generator>" | ||
| ] | ||
| } | ||
| }, | ||
| "wp_vulnerabilities": [] | ||
| }, | ||
| "id": "35e61c23-d525-4509-a024-d1aef37a1623" | ||
| }, | ||
| { | ||
| "name": "WordPress finding 'headers'", | ||
| "description": "Headers", | ||
| "category": "WordPress headers", | ||
| "location": "http://old-wordpress.demo-apps.svc.cluster.local/", | ||
| "osi_layer": "APPLICATION", | ||
| "severity": "INFORMATIONAL", | ||
| "confidence": 100, | ||
| "reference": {}, | ||
| "attributes": { | ||
| "wp_interesting_entries": [ | ||
| "Server: nginx/1.7.7", | ||
| "X-Powered-By: PHP/5.4.34-0+deb7u1" | ||
| ], | ||
| "wp_found_by": "Headers (Passive Detection)", | ||
| "wp_confirmed_by": {} | ||
| }, | ||
| "id": "ca074030-2e55-4a10-bf8f-039c1b8978d9" | ||
| }, | ||
| { | ||
| "name": "WordPress finding 'xmlrpc'", | ||
| "description": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", | ||
| "category": "WordPress xmlrpc", | ||
| "location": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", | ||
| "osi_layer": "APPLICATION", | ||
| "severity": "INFORMATIONAL", | ||
| "confidence": 100, | ||
| "reference": {}, | ||
| "attributes": { | ||
| "wp_interesting_entries": [], | ||
| "wp_found_by": "Direct Access (Aggressive Detection)", | ||
| "wp_confirmed_by": {} | ||
| }, | ||
| "id": "9b521d88-4018-4069-971d-7a020eebab51" | ||
| }, | ||
| { | ||
| "name": "WordPress finding 'readme'", | ||
| "description": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html", | ||
| "category": "WordPress readme", | ||
| "location": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html", | ||
| "osi_layer": "APPLICATION", | ||
| "severity": "INFORMATIONAL", | ||
| "confidence": 100, | ||
| "reference": {}, | ||
| "attributes": { | ||
| "wp_interesting_entries": [], | ||
| "wp_found_by": "Direct Access (Aggressive Detection)", | ||
| "wp_confirmed_by": {} | ||
| }, | ||
| "id": "7160e807-b6bb-4994-9477-22cac8e2f549" | ||
| }, | ||
| { | ||
| "name": "WordPress finding 'wp_cron'", | ||
| "description": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", | ||
| "category": "WordPress wp_cron", | ||
| "location": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", | ||
| "osi_layer": "APPLICATION", | ||
| "severity": "INFORMATIONAL", | ||
| "confidence": 60, | ||
| "reference": {}, | ||
| "attributes": { | ||
| "wp_interesting_entries": [], | ||
| "wp_found_by": "Direct Access (Aggressive Detection)", | ||
| "wp_confirmed_by": {} | ||
| }, | ||
| "id": "828bf907-da73-4076-994b-a46652b1f972" | ||
| } | ||
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| apiVersion: "execution.experimental.securecodebox.io/v1" | ||
| kind: Scan | ||
| metadata: | ||
| name: "wpscan-old-wordpress-internal" | ||
| spec: | ||
| scanType: "wpscan" | ||
| parameters: | ||
| - "--url" | ||
| - old-wordpress.demo-apps.svc.cluster.local | ||
| - "-e" | ||
| - "vp" | ||
| - "--plugins-detection" | ||
| - "mixed" |
134 changes: 134 additions & 0 deletions
134
scanners/wpscan/examples/old-wordpress/wpscan-results.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| { | ||
| "banner": { | ||
| "description": "WordPress Security Scanner by the WPScan Team", | ||
| "version": "3.8.7", | ||
| "authors": [ | ||
| "@_WPScan_", | ||
| "@ethicalhack3r", | ||
| "@erwan_lr", | ||
| "@firefart" | ||
| ], | ||
| "sponsor": "Sponsored by Automattic - https://automattic.com/" | ||
| }, | ||
| "start_time": 1600682567, | ||
| "start_memory": 42774528, | ||
| "target_url": "http://old-wordpress.demo-apps.svc.cluster.local/", | ||
| "target_ip": "10.99.82.140", | ||
| "effective_url": "http://old-wordpress.demo-apps.svc.cluster.local/", | ||
| "interesting_findings": [ | ||
| { | ||
| "url": "http://old-wordpress.demo-apps.svc.cluster.local/", | ||
| "to_s": "Headers", | ||
| "type": "headers", | ||
| "found_by": "Headers (Passive Detection)", | ||
| "confidence": 100, | ||
| "confirmed_by": { | ||
|
|
||
| }, | ||
| "references": { | ||
|
|
||
| }, | ||
| "interesting_entries": [ | ||
| "Server: nginx/1.7.7", | ||
| "X-Powered-By: PHP/5.4.34-0+deb7u1" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", | ||
| "to_s": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", | ||
| "type": "xmlrpc", | ||
| "found_by": "Direct Access (Aggressive Detection)", | ||
| "confidence": 100, | ||
| "confirmed_by": { | ||
|
|
||
| }, | ||
| "references": { | ||
| "url": [ | ||
| "http://codex.wordpress.org/XML-RPC_Pingback_API" | ||
| ], | ||
| "metasploit": [ | ||
| "auxiliary/scanner/http/wordpress_ghost_scanner", | ||
| "auxiliary/dos/http/wordpress_xmlrpc_dos", | ||
| "auxiliary/scanner/http/wordpress_xmlrpc_login", | ||
| "auxiliary/scanner/http/wordpress_pingback_access" | ||
| ] | ||
| }, | ||
| "interesting_entries": [ | ||
|
|
||
| ] | ||
| }, | ||
| { | ||
| "url": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html", | ||
| "to_s": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html", | ||
| "type": "readme", | ||
| "found_by": "Direct Access (Aggressive Detection)", | ||
| "confidence": 100, | ||
| "confirmed_by": { | ||
|
|
||
| }, | ||
| "references": { | ||
|
|
||
| }, | ||
| "interesting_entries": [ | ||
|
|
||
| ] | ||
| }, | ||
| { | ||
| "url": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", | ||
| "to_s": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", | ||
| "type": "wp_cron", | ||
| "found_by": "Direct Access (Aggressive Detection)", | ||
| "confidence": 60, | ||
| "confirmed_by": { | ||
|
|
||
| }, | ||
| "references": { | ||
| "url": [ | ||
| "https://www.iplocation.net/defend-wordpress-from-ddos", | ||
| "https://github.com/wpscanteam/wpscan/issues/1299" | ||
| ] | ||
| }, | ||
| "interesting_entries": [ | ||
|
|
||
| ] | ||
| } | ||
| ], | ||
| "version": { | ||
| "number": "4.0.31", | ||
| "release_date": "2020-06-10", | ||
| "status": "latest", | ||
| "found_by": "Meta Generator (Passive Detection)", | ||
| "confidence": 100, | ||
| "interesting_entries": [ | ||
| "http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'" | ||
| ], | ||
| "confirmed_by": { | ||
| "Atom Generator (Aggressive Detection)": { | ||
| "confidence": 80, | ||
| "interesting_entries": [ | ||
| "http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, <generator uri=\"https://wordpress.org/\" version=\"4.0.31\">WordPress</generator>" | ||
| ] | ||
| } | ||
| }, | ||
| "vulnerabilities": [ | ||
|
|
||
| ] | ||
| }, | ||
| "main_theme": null, | ||
| "plugins": { | ||
|
|
||
| }, | ||
| "vuln_api": { | ||
| "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up" | ||
| }, | ||
| "stop_time": 1600682792, | ||
| "elapsed": 225, | ||
| "requests_done": 4777, | ||
| "cached_requests": 4, | ||
| "data_sent": 1459447, | ||
| "data_sent_humanised": "1.392 MB", | ||
| "data_received": 18563423, | ||
| "data_received_humanised": "17.703 MB", | ||
| "used_memory": 299765760, | ||
| "used_memory_humanised": "285.879 MB" | ||
| } |