plecost Package Description

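plecost is a WordPress fingerprinting tool: it searches for and retrieves version information about the WordPress plugins installed on a system. It can analyze a single URL or run its analysis on results indexed by Google. For each plugin it also shows the associated CVE identifiers, if any. Plecost retrieves the information exposed by WordPress-powered web sites, and also allows searching over results indexed by Google. Source: https://code.google.com/p/plecost/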

plecost Homepage | Kali plecost Repo

  • Authors: Francisco Jesus Gomez, Daniel Garcia Garcia
  • License: GPLv3

0x01 Tools included in the plecost package

plecost

```bash
:~# plecost -h
////////////////////////////////////////////
// ..................................DMI...
// .............................:MMMM......
// .........................$MMMMM:........
// .........M.....,M,=NMMMMMMMMD...........
// ........MMN...MMMMMMMMMMMM,.............
// .......MMMMMMMMMMMMMMMMM~...............
// .......MMMMMMMMMMMMMMM..................
// ....?MMMMMMMMMMMMMMMN$I.................
// .?.MMMMMMMMMMMMMMMMMMMMMM...............
// .MMMMMMMMMMMMMMN........................
// 7MMMMMMMMMMMMMON$.......................
// ZMMMMMMMMMMMMMMMMMM.......plecost.......
// .:MMMMMMMZ~7MMMMMMMMMO..................
// ....~+:.................................
//
// Plecost - Wordpress finger printer Tool (with threads support) 0.2.2-9-beta
//
// Developed by:
//        Francisco Jesus Gomez aka ()
//        Daniel Garcia Garcia ()
//
// Info: http://iniqua.com/labs/
// Bug report:

Usage: /usr/bin/plecost [options] [ URL | [-l num] -G]

Google search options:
    -l num    : Limit number of results for each plugin in google.
    -G        : Google search mode

Options:
    -n        : Number of plugins to use (Default all - more than 7000).
    -c        : Check plugins only with CVE associated.
    -R file   : Reload plugin list. Use -n option to control the size (This take several minutes)
    -o file   : Output file. (Default "output.txt")
    -i file   : Input plugin list. (Need to start the program)
    -s time   : Min sleep time between two probes. Time in seconds. (Default 10)
    -M time   : Max sleep time between two probes. Time in seconds. (Default 20)
    -t num    : Number of threads. (Default 1)
    -h        : Display help. (More info: http://iniqua.com/labs/)

Examples:

  • Reload first 5 plugins list:
    plecost -R plugins.txt -n 5

  • Search vulnerable sites for first 5 plugins:
    plecost -n 5 -G -i plugins.txt

  • Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:
    plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com
```

0x02 plecost Usage Example

Use 100 plugins (-n 100), sleep for 10 seconds between probes (-s 10) but no more than 15 (-M 15), and use the plugin list (-i /usr/share/plecost/wp_plugin_list.txt) to scan the given URL (192.168.1.202/wordpress):

```bash
:~# plecost -n 100 -s 10 -M 15 -i /usr/share/plecost/wp_plugin_list.txt 192.168.1.202/wordpress
[*] Num of checks set to: 100
[*] Input plugin list set to: /usr/share/plecost/wp_plugin_list.txt
[*] Min sleep time set to: 10
[*] Max sleep time set to: 15

==> Results for: 192.168.1.202/wordpress <==

[i] Wordpress version found: 3.9.1
[i] Wordpress last public version: 3.9.1

[*] Search for installed plugins

[i] Plugin found: akismet
    |Latest version: 2.4.0
    | Installed version: 3.0.0
    |_CVE list:
    |CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
    |CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
    |CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
    |CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
    |CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
    |CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
```
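The results above list the same CVE ids twice and show an installed akismet (3.0.0) newer than the version the plugin list records as latest (2.4.0). As an added example (not part of the original page or of plecost itself), this Python sketch parses results text in that layout, de-duplicates the CVE ids and compares the two versions so each finding can be triaged. The sample report, the plugin name `example-plugin` and the status labels are constructed for illustration.

```python
import re

# Constructed sample in the layout of the results shown above ("example-plugin" is made up).
SAMPLE = """\
[i] Plugin found: akismet
|Latest version: 2.4.0
| Installed version: 3.0.0
|_CVE list:
|CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
[i] Plugin found: example-plugin
|Latest version: 1.4.2
| Installed version: 1.3
"""

def vtuple(v):
    # '3.0.0' -> (3,); trailing zeros are dropped so that 1.0 == 1.0.0
    parts = [int(n) for n in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_report(text):
    plugins, cur = [], None
    for line in text.splitlines():
        if m := re.search(r"Plugin found:\s*(\S+)", line):
            cur = {"name": m.group(1), "cves": []}
            plugins.append(cur)
        elif cur and (m := re.search(r"(Latest|Installed) version:\s*(\S+)", line)):
            cur[m.group(1).lower()] = m.group(2)
        elif cur and (m := re.search(r"(CVE-\d{4}-\d+):", line)):
            if m.group(1) not in cur["cves"]:  # the same id can be listed twice
                cur["cves"].append(m.group(1))
    return plugins

def triage(plugins):  # status labels are this example's own, not plecost output
    out = {}
    for p in plugins:
        if "installed" not in p or "latest" not in p:
            status = "version-unknown"
        else:
            a, b = vtuple(p["installed"]), vtuple(p["latest"])
            status = "outdated" if a < b else "list-stale" if a > b else "current"
        out[p["name"]] = (status, p["cves"])
    return out

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE)))
```

A `list-stale` result, as for akismet here, means the plugin list is older than the installed plugin: reload the list with `-R` and check each listed CVE against the installed version before reporting it.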

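Original source: https://www.hackfun.org/kali-tools/plecost_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.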
