wpscan-analyze
plugins not visible
Hi Lukas, in the output JSON file I see many more plugins than wpscan-analyze shows. Could you please take a look at it?
thank you Radoslaw
docker run -it -v "$HOME/docker-bind/:/wpscan-analyze/" wpscan-analyze -f test.json
wpscan-analyze version=1.0.4, log level=Level(Warn)
+------------------------+---------+---------------+--------------------+------------+----------+
| Component | Version | Version State | Vulnerabilities | Processing | Result |
+------------------------+---------+---------------+--------------------+------------+----------+
| WordPress | 5.6.8 | Latest | No vulnerabilities | Ok | Ok |
| Main Theme | 1.0.0 | Latest | No vulnerabilities | Ok | Ok |
| Plugin: contact-form-7 | 5.4 | Outdated | No vulnerabilities | Ok | Outdated |
+------------------------+---------+---------------+--------------------+------------+----------+
Analyzer result summary: outdated=1, unknown=0, vulnerabilities=0, failed=0
docker run -it --rm --mount type=bind,source=$HOME/docker-bind,target=/output wpscanteam/wpscan --random-user-agent --ignore-main-redirect -o /output/test.json --format json --url https://xxx.pl/
{
"banner": {
"description": "WordPress Security Scanner by the WPScan Team",
"version": "3.8.22",
"authors": [
"@_WPScan_",
"@ethicalhack3r",
"@erwan_lr",
"@firefart"
],
"sponsor": "Sponsored by Automattic - https://automattic.com/"
},
"start_time": 1661339295,
"start_memory": 46129152,
"target_url": "https://xxx.pl/",
"target_ip": "x.x.x.x",
"effective_url": "https://xxx.pl/",
"interesting_findings": [
{
"url": "https://xxx.pl/",
"to_s": "Headers",
"type": "headers",
"found_by": "Headers (Passive Detection)",
"confidence": 100,
"confirmed_by": {
},
"references": {
},
"interesting_entries": [
"server: nginx/1.14.2"
]
},
{
"url": "https://xxx.pl/xmlrpc.php",
"to_s": "XML-RPC seems to be enabled: https://xxx.pl/xmlrpc.php",
"type": "xmlrpc",
"found_by": "Direct Access (Aggressive Detection)",
"confidence": 100,
"confirmed_by": {
},
"references": {
"url": [
"http://codex.wordpress.org/XML-RPC_Pingback_API"
],
"metasploit": [
"auxiliary/scanner/http/wordpress_ghost_scanner",
"auxiliary/dos/http/wordpress_xmlrpc_dos",
"auxiliary/scanner/http/wordpress_xmlrpc_login",
"auxiliary/scanner/http/wordpress_pingback_access"
]
},
"interesting_entries": [
]
},
{
"url": "https://xxx.pl/readme.html",
"to_s": "WordPress readme found: https://xxx.pl/readme.html",
"type": "readme",
"found_by": "Direct Access (Aggressive Detection)",
"confidence": 100,
"confirmed_by": {
},
"references": {
},
"interesting_entries": [
]
},
{
"url": "https://xxx.pl/wp-cron.php",
"to_s": "The external WP-Cron seems to be enabled: https://xxx.pl/wp-cron.php",
"type": "wp_cron",
"found_by": "Direct Access (Aggressive Detection)",
"confidence": 60,
"confirmed_by": {
},
"references": {
"url": [
"https://www.iplocation.net/defend-wordpress-from-ddos",
"https://github.com/wpscanteam/wpscan/issues/1299"
]
},
"interesting_entries": [
]
}
],
"version": {
"number": "5.6.8",
"release_date": "2022-03-11",
"status": "latest",
"found_by": "Most Common Wp Includes Query Parameter In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
"https://xxx.pl/wp-includes/css/dist/block-library/style.min.css?ver=5.6.8",
"https://xxx.pl/wp-includes/js/wp-embed.min.js?ver=5.6.8"
],
"confirmed_by": {
"Rss Generator (Aggressive Detection)": {
"confidence": 100,
"interesting_entries": [
"https://xxx.pl/feed/, <generator>https://wordpress.org/?v=5.6.8</generator>",
"https://xxx.pl/comments/feed/, <generator>https://wordpress.org/?v=5.6.8</generator>"
]
}
},
"vulnerabilities": [
]
},
"main_theme": {
"slug": "wytwórnia",
"location": "https://xxx.pl/wp-content/themes/wytw%25C3%25B3rnia/",
"latest_version": null,
"last_updated": null,
"outdated": false,
"readme_url": false,
"directory_listing": false,
"error_log_url": null,
"style_url": "https://xxx.pl/wp-content/themes/wytw%C3%B3rnia/style.css?ver=5.6.8",
"style_name": "Millenium Studio Theme",
"style_uri": "http://underscores.me/",
"description": "Description",
"author": "Millenium Studio",
"author_uri": "https://milleniumstudio.pl/",
"template": null,
"license": "GNU General Public License v2 or later",
"license_uri": "LICENSE",
"tags": "custom-background, custom-logo, custom-menu, featured-images, threaded-comments, translation-ready",
"text_domain": "millenium-studio",
"found_by": "Css Style In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
],
"confirmed_by": {
"Css Style In 404 Page (Passive Detection)": {
"confidence": 70,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": {
"number": "1.0.0",
"confidence": 80,
"found_by": "Style (Passive Detection)",
"interesting_entries": [
"https://xxx.pl/wp-content/themes/wytw%C3%B3rnia/style.css?ver=5.6.8, Match: 'Version: 1.0.0'"
],
"confirmed_by": {
}
},
"parents": [
]
},
"plugins": {
"contact-form-7": {
"slug": "contact-form-7",
"location": "https://xxx.pl/wp-content/plugins/contact-form-7/",
"latest_version": "5.6.2",
"last_updated": "2022-08-10T08:49:00.000Z",
"outdated": true,
"readme_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
],
"confirmed_by": {
"Urls In 404 Page (Passive Detection)": {
"confidence": 80,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": {
"number": "5.4",
"confidence": 90,
"found_by": "Query Parameter (Passive Detection)",
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4"
],
"confirmed_by": {
"Readme - Stable Tag (Aggressive Detection)": {
"confidence": 80,
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/contact-form-7/readme.txt"
]
}
}
}
},
"newsletter": {
"slug": "newsletter",
"location": "https://xxx.pl/wp-content/plugins/newsletter/",
"latest_version": "7.5.1",
"last_updated": "2022-08-03T14:29:00.000Z",
"outdated": false,
"readme_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
],
"confirmed_by": {
"Urls In 404 Page (Passive Detection)": {
"confidence": 80,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": {
"number": "7.5.1",
"confidence": 100,
"found_by": "Query Parameter (Passive Detection)",
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/newsletter/style.css?ver=7.5.1"
],
"confirmed_by": {
"Readme - Stable Tag (Aggressive Detection)": {
"confidence": 80,
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/newsletter/readme.txt"
]
},
"Readme - ChangeLog Section (Aggressive Detection)": {
"confidence": 50,
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/newsletter/readme.txt"
]
}
}
}
},
"sare-integration": {
"slug": "sare-integration",
"location": "https://xxx.pl/wp-content/plugins/sare-integration/",
"latest_version": null,
"last_updated": null,
"outdated": false,
"readme_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
],
"confirmed_by": {
"Urls In 404 Page (Passive Detection)": {
"confidence": 80,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": null
},
"sitepress-multilingual-cms": {
"slug": "sitepress-multilingual-cms",
"location": "https://xxx.pl/wp-content/plugins/sitepress-multilingual-cms/",
"latest_version": null,
"last_updated": null,
"outdated": false,
"readme_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
],
"confirmed_by": {
"Urls In 404 Page (Passive Detection)": {
"confidence": 80,
"interesting_entries": [
]
},
"Meta Generator (Passive Detection)": {
"confidence": 40,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": {
"number": "4.4.4",
"confidence": 100,
"found_by": "Meta Generator (Passive Detection)",
"interesting_entries": [
"https://xxx.pl/, Match: 'WPML ver:4.4.4 stt'"
],
"confirmed_by": {
"Readme - Stable Tag (Aggressive Detection)": {
"confidence": 80,
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/sitepress-multilingual-cms/readme.txt"
]
}
}
}
},
"wp-image-lazy-load": {
"slug": "wp-image-lazy-load",
"location": "https://xxx.pl/wp-content/plugins/wp-image-lazy-load/",
"latest_version": "1.6.3.3",
"last_updated": "2019-11-07T16:13:00.000Z",
"outdated": false,
"readme_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 100,
"interesting_entries": [
],
"confirmed_by": {
"Urls In 404 Page (Passive Detection)": {
"confidence": 80,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": {
"number": "1.6.3.3",
"confidence": 80,
"found_by": "Readme - Stable Tag (Aggressive Detection)",
"interesting_entries": [
"https://xxx.pl/wp-content/plugins/wp-image-lazy-load/readme.txt"
],
"confirmed_by": {
}
}
}
},
"config_backups": {
},
"vuln_api": {
"error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 25 daily requests by registering at https://wpscan.com/register"
},
"stop_time": 1661339304,
"elapsed": 9,
"requests_done": 188,
"cached_requests": 6,
"data_sent": 49184,
"data_sent_humanised": "48.031 KB",
"data_received": 442620,
"data_received_humanised": "432.246 KB",
"used_memory": 354095104,
"used_memory_humanised": "337.691 MB"
}
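Hi, that's expected. By default, wpscan-analyze only shows plugins that are not ok. Try `wpscan-analyze -f output.json --output-detail all`. Also note that the scan above was run without a WPScan API token (see `vuln_api.error` in the JSON), so every `vulnerabilities` array is empty and "No vulnerabilities" in the table means no vulnerability data was available, not that the components were checked and found clean.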