Subaru's Husband


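I write about Python, Linux, motorcycles and the like.
For what it's worth, I make my living in the security industry.
This is mostly a memo to myself, so if it helps my future self, that's the best outcome.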

 
$mysql -u[UserID] -p[Password] -e'SHOW VARIABLES LIKE "datadir"'
+---------------+-----------------------+
| Variable_name | Value |
+---------------+-----------------------+
| datadir | /usr/local/var/mysql/ |
+---------------+-----------------------+
#========================
Setting up a Django environment on a Mac
#========================

pyenv manages the individual Python versions,
and virtualenv provides a separate virtual environment for each setup.

・Django2.0
・Python3.5.2
・MariaDB
・Eclipse4.7

 Note: this assumes Homebrew is available.

  https://brew.sh/index_ja.html

#========
1. Install MariaDB
#========

$brew install mariadb

# Start the service

$mysql.server start

# Initial security configuration

$mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

#====
Log in to MariaDB and do the initial setup
#====

$ mysql -uroot -p{password}

MariaDB [(none)]> create database {database name} default charset utf8;
MariaDB [(none)]> grant all privileges on {database name}.* to {user name}@localhost identified by '{password}';
MariaDB [(none)]> FLUSH PRIVILEGES;

#========================
2. Install pyenv (so that multiple Python versions can coexist)
#========================
$git clone https://github.com/yyuu/pyenv.git ~/.pyenv

# Add the settings to .bashrc

$nano .bashrc

#==== Add from here ====

export PYENV_ROOT=$HOME/.pyenv
export PATH=$PYENV_ROOT/bin:$PATH
eval "$(pyenv init -)"

#==== Add up to here ====

#========================
3. Install Python 3.5.2 with pyenv
#========================

$ pyenv install 3.5.2
Downloading Python-3.5.2.tar.xz...
-> https://www.python.org/ftp/python/3.5.2/Python-3.5.2.tar.xz
Installing Python-3.5.2...
patching file Lib/venv/scripts/posix/activate.fish
Installed Python-3.5.2 to /Users/dummy/.pyenv/versions/3.5.2

# Set the globally used Python to 3.5.2

$ pyenv global 3.5.2
$ python
Python 3.5.2 (default, Jan 30 2018, 12:09:38)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>

#========================
4. Install virtualenv and enter a virtual environment
#========================
This is for building virtual environments in which several setups can be tested.

$ pip install virtualenv
Collecting virtualenv
Using cached virtualenv-15.1.0-py2.py3-none-any.whl
Installing collected packages: virtualenv
Successfully installed virtualenv-15.1.0
You are using pip version 8.1.1, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

$ pip install --upgrade pip
Collecting pip
Using cached pip-9.0.1-py2.py3-none-any.whl
Installing collected packages: pip
Found existing installation: pip 8.1.1
Uninstalling pip-8.1.1:
Successfully uninstalled pip-8.1.1
Successfully installed pip-9.0.1

#==== Create the virtual environment in a location of your choice ====
Here we create one for Django 2.0 and Python 3.5.2
#===============================
Note: it is created under the dummy user's Documents/develop/virtual_conf/.

$ virtualenv django2.0_py3.5.2
Using base prefix '/Users/dummy/.pyenv/versions/3.5.2'
New python executable in /Users/dummy/Documents/develop/virtual_conf/django2.0_py3.5.2/bin/python3.5
Also creating executable in /Users/dummy/Documents/develop/virtual_conf/django2.0_py3.5.2/bin/python
Installing setuptools, pip, wheel...done.

#========
Activate the virtual environment you created
#========

$ cd django2.0_py3.5.2/
$ cd bin
$ source ./activate
(django2.0_py3.5.2) $

#===============================
Install Django 2.0 into the virtual environment
#===============================

(django2.0_py3.5.2) $ pip install django==2.0

Note: I installed these

$ pip install mod_wsgi
$ pip install django-debug-toolbar
$ pip install pytz
$ pip install python-dateutil
$ pip install mysqlclient

#========================
Download Eclipse
#========================
http://mergedoc.osdn.jp/

Download the following package:

Eclipse 4.7 Oxygen
Mac 64bit edition
Python

#========================
Create a new PyDev Django project from Eclipse
#========================

1. Menu -> New -> Other -> PyDev Django Project
2. Project name: {any name}
3. Grammar version: 3.0 - 3.5
4. Interpreter
 Click "Click here to configure an interpreter not listed."
5. Python Interpreter -> New...
Interpreter name: django2.0_py3.5.2
Interpreter executable: /Users/dummy/Documents/develop/virtual_conf/django2.0_py3.5.2/bin/python3.5

 This gives you a Django project that uses the virtual environment you created

 Select django2.0_py3.5.2

6. Next (also click Next on the references page)
7. Django Settings
 Django version: 1.4 or later
 Database Engine: MySQL

 Note: everything else is configured later

 Finish
#========================
Configure the database for the created project
#========================
Rewrite DATABASES in {project name} - settings.py

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': '{database name}',
        'HOST': 'localhost',
        'USER': '{user name}',
        'PASSWORD': '{password}',
        'PORT': '3306',
    }
}
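
An alternative to keeping the password in settings.py, as an added example that is not part of the original post: Django's MySQL backend accepts OPTIONS['read_default_file'], so the user name and password can live in an owner-only client option file. The function names, the file name and the sample credentials are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def write_client_cnf(path, user, password):
    """Write a [client] option file that only its owner can read."""
    for value in (user, password):
        # Keep the writer simple: refuse values that would need escaping.
        if any(ch in value for ch in '"\\\r\n'):
            raise ValueError("value needs option-file escaping; write it by hand")
    body = '[client]\nuser = "{}"\npassword = "{}"\n'.format(user, password)
    # O_EXCL refuses to reuse an existing file; 0o600 applies from creation on.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)

def databases_from_cnf(path, name, host="localhost", port="3306"):
    """Build DATABASES; refuse an option file that group or others can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("{} has mode {:o}, expected 600".format(path, mode))
    return {
        "default": {
            "ENGINE": "django.db.backends.mysql",
            "NAME": name,
            "HOST": host,
            "PORT": port,
            # USER and PASSWORD are left out; mysqlclient reads them from the file.
            "OPTIONS": {"read_default_file": path, "charset": "utf8"},
        }
    }

def demo():
    """Run both steps in a temp dir with constructed sample credentials."""
    cnf = os.path.join(tempfile.mkdtemp(), "django-client.cnf")
    write_client_cnf(cnf, "appuser", "constructed-sample-password")
    return databases_from_cnf(cnf, "appdb"), stat.S_IMODE(os.stat(cnf).st_mode)

if __name__ == "__main__":
    print(demo())
```

The same file can be given to the command-line client with mysql --defaults-extra-file={path}, which keeps the password out of the shell history and the process list.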

#========================
Check that it works
#========================

Project (right-click) - [Run] - [1: PyDev Django]

Performing system checks...

System check identified no issues (0 silenced).

You have 14 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): admin, auth, contenttypes, sessions.
Run 'python manage.py migrate' to apply them.
January 30, 2018 - 04:54:47
Django version 2.0, using settings 'test2.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

If you access http://127.0.0.1:8000/ and

The install worked successfully! Congratulations!

is displayed, the setup is OK.
After that, I still need to create an application, run Make Migrations, and so on.

#=======
What to do when a warning appears while debugging in Eclipse
#=======

$cd /Users/dummy/Documents/develop/virtual_conf/django2.0_py3.5.2/bin/
$./python3.5 /Applications/Eclipse_4.7.2.app/Contents/Eclipse/dropins/PyDev/eclipse/plugins/org.python.pydev_6.2.0.201711281614/pysrc/setup_cython.py build_ext --inplace



There was a WordPress scanner that runs on Python 2, so I built a virtual environment and tried it out.

#===========================
# Install pyenv and pyenv-virtualenv under /usr/local and do the initial setup
#===========================
cd /usr/local/
sudo git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv
sudo git clone https://github.com/yyuu/pyenv-virtualenv.git /usr/local/pyenv/plugins/pyenv-virtualenv

#nano /etc/profile.d/pyenv.sh

export PYENV_ROOT=/usr/local/pyenv
export PATH=$PYENV_ROOT/bin:$PATH
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"

#===========================
# Create a group that can operate on /usr/local/pyenv and set permissions
#===========================
# Create the pythondev group
$sudo groupadd pythondev

# Add user01 to the pythondev group
$sudo usermod -aG pythondev user01

#chmod -R 2770 /usr/local/pyenv # 2770 is set so that files and directories created by members of the same group end up in the pythondev group

#===========================
# Install Python 2.7.14
#===========================

# pyenv install 2.7.14
Downloading Python-2.7.14.tar.xz...
-> https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tar.xz
Installing Python-2.7.14...
WARNING: The Python readline extension was not compiled. Missing the GNU readline lib?
WARNING: The Python bz2 extension was not compiled. Missing the bzip2 lib?
WARNING: The Python sqlite3 extension was not compiled. Missing the SQLite3 lib?
Installed Python-2.7.14 to /usr/local/pyenv/versions/2.7.14

#===========================
# Build the environment for wpseku
#===========================

# cd /opt
# pyenv virtualenv 2.7.14 wpseku
The directory '/home/user01.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/user01/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting virtualenv
Downloading virtualenv-15.1.0-py2.py3-none-any.whl (1.8MB)
100% |████████████████████████████████| 1.8MB 699kB/s
Installing collected packages: virtualenv
Successfully installed virtualenv-15.1.0
New python executable in /usr/local/pyenv/versions/2.7.14/envs/wpseku/bin/python2.7
Also creating executable in /usr/local/pyenv/versions/2.7.14/envs/wpseku/bin/python
Installing setuptools, pip, wheel...done.
Requirement already satisfied: setuptools in /usr/local/pyenv/versions/2.7.14/envs/wpseku/lib/python2.7/site-packages
Requirement already satisfied: pip in /usr/local/pyenv/versions/2.7.14/envs/wpseku/lib/python2.7/site-packages

#===========================
# Install WPSeku
#===========================

$ git clone https://github.com/m4ll0k/WPSeku.git

#===========================
# Configure things so that entering the WPSeku directory switches to the wpseku environment
#===========================

$ cd WPSeku
$ pyenv local wpseku

#===========================
# Install the modules it depends on
#===========================
(wpseku) $ pip install requests
Collecting requests
Using cached requests-2.18.4-py2.py3-none-any.whl
Collecting urllib3<1.23,>=1.21.1 (from requests)
Using cached urllib3-1.22-py2.py3-none-any.whl
Collecting idna<2.7,>=2.5 (from requests)
Using cached idna-2.6-py2.py3-none-any.whl
Collecting chardet<3.1.0,>=3.0.2 (from requests)
Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests)
Using cached certifi-2017.11.5-py2.py3-none-any.whl
Installing collected packages: urllib3, idna, chardet, certifi, requests
Successfully installed certifi-2017.11.5 chardet-3.0.4 idna-2.6 requests-2.18.4 urllib3-1.22

#===========================
# How to work around the SSL error
#===========================
# Run as-is, it fails with an error saying the certificate is not valid

python wpseku.py -t https://192.168.10.195/wordpress
__ ______ ____ _
\ \ / / _ \/ ___| ___| | ___ _
\ \ /\ / /| |_) \___ \ / _ \ |/ / | | |
\ V V / | __/ ___) | __/ <| |_| |
\_/\_/ |_| |____/ \___|_|\_\\__,_|

|| WPSeku - Wordpress Security Scanner
|| Version 0.2.1
|| Momo Outaadi (M4ll0k)
|| https://github.com/m4ll0k/WPSeku

[+] Target: https://192.168.10.195/wordpress
[+] Starting: 07/11/2017 13:49:32


[*] Checking sitemap...
[*] Checking license...
[*] Checking robots...
[*] Checking crossdomain...
[*] Checking readme...
[*] Checking .htaccess...
[*] Checking xmlrpc...
[*] Checking Full Path Disclosure...
[*] Checking wp-config...
[*] Checking dir listing...
[*] Interesting headers...


[*] Checking WAF...
[*] Checking wp-login protection...
[*] Checking wordpress version...

[-] Not found running WordPress version
[*] Enumeration themes...
[*] Enumeration plugins...
[*] Enumeration usernames...
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
<urlopen error [ssl: certificate_verify_failed] certificate verify failed (_ssl.c:661)>
| Not found usernames

To get around this, add error-avoidance code to wphttp.py

$nano /opt/WPSeku/lib/wphttp.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# WPSeku: Wordpress Security Scanner
#
# @url: https://github.com/m4ll0k/WPSeku
# @author: Momo Outaadi (M4ll0k)
#
# WPSeku is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation version 3 of the License.
#
# WPSeku is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with WPSeku; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

import urllib2
import ssl # added
ssl._create_default_https_context = ssl._create_unverified_context # added

class wphttp:

.
.
.
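
The two added lines replace the process-wide default, so every urllib2/httplib HTTPS connection that does not pass its own context stops verifying certificates. A narrower alternative, as an added example (not WPSeku's code and not from the original post): trust the lab server's own certificate through a context attached to a single opener. It is written for Python 3's urllib.request, whereas the tool above uses urllib2 on Python 2.7; the helper names and the cafile path are assumptions.

```python
import ssl
import urllib.request

def pinned_context(cafile=None, match_hostname=True):
    """Verifying context; cafile is a PEM with the lab server's certificate or CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    # A self-signed lab certificate often has no SAN entry for the IP in the URL.
    # Turning off only the name check still requires the pinned certificate itself.
    ctx.check_hostname = match_hostname
    return ctx

def unverified_context():
    """What the global patch installs: no chain check and no name check."""
    return ssl._create_unverified_context()

def scoped_opener(ctx):
    """urllib opener bound to ctx; other HTTPS users in the process are untouched."""
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))

def describe(ctx):
    """Summarise the two properties that decide whether a peer is authenticated."""
    return {"verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname}

def process_default():
    """State of the process-wide default that the two added lines overwrite."""
    return describe(ssl._create_default_https_context())

def with_global_patch():
    """Apply the same global patch, observe the default, then restore it."""
    saved = ssl._create_default_https_context
    ssl._create_default_https_context = ssl._create_unverified_context
    try:
        return process_default()
    finally:
        ssl._create_default_https_context = saved

if __name__ == "__main__":
    print("scoped opener in use, default:", process_default())
    print("global patch in use, default:", with_global_patch())
```

To use it against the lab host, export the server's certificate to a PEM file, pass that path as cafile, and send the scanner's requests through the opener returned by scoped_opener.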

#===========================
# Actual run
#===========================
(wpseku) user01@network:/opt/WPSeku$ python wpseku.py -t https://192.168.10.195/wordpress
__ ______ ____ _
\ \ / / _ \/ ___| ___| | ___ _
\ \ /\ / /| |_) \___ \ / _ \ |/ / | | |
\ V V / | __/ ___) | __/ <| |_| |
\_/\_/ |_| |____/ \___|_|\_\\__,_|

|| WPSeku - Wordpress Security Scanner
|| Version 0.2.1
|| Momo Outaadi (M4ll0k)
|| https://github.com/m4ll0k/WPSeku

[+] Target: https://192.168.10.195/wordpress
[+] Starting: 07/11/2017 14:00:13


[*] Checking sitemap...
[-] sitemap.xml not available
[*] Checking license...
[+] license.txt available under: https://192.168.10.195/wordpress/license.txt
[*] Checking robots...
[*] Checking crossdomain...
[-] crossdomain.xml not available
[*] Checking readme...
[+] readme.html available under: https://192.168.10.195/wordpress/readme.html
[*] Checking .htaccess...
[-] .htaccess not available
[*] Checking xmlrpc...
[+] XML-RPC Interface available under: https://192.168.10.195/wordpress/xmlrpc.php
[*] Checking Full Path Disclosure...
[-] Full Path Disclosure not available
[*] Checking wp-config...
[-] wp-config not available
[*] Checking wp-config-sample...
[+] wp-config-sample available under: https://192.168.10.195/wordpress/wp-config-sample.php
[*] Checking wp-config backup...
[-] wp-config.php~ backup not available
[-] wp-config.backup backup not available
[-] wp-config.bck backup not available
[-] wp-config.old backup not available
[-] wp-config.save backup not available
[-] wp-config.bak backup not available
[-] wp-config.copy backup not available
[-] wp-config.tmp backup not available
[-] wp-config.txt backup not available
[-] wp-config.zip backup not available
[-] wp-config.db backup not available
[-] wp-config.dat backup not available
[-] wp-config.tar.gz backup not available
[-] wp-config.back backup not available
[-] wp-config.test backup not available
[-] wp-config.temp backup not available
[-] wp-config.orig backup not available
[*] Checking dir listing...
[-] dir /wp-admin not listing enabled
[-] dir /wp-includes not listing enabled
[-] dir /wp-content/uploads not listing enabled
[-] dir /wp-content/plugins not listing enabled
[-] dir /wp-content/themes not listing enabled
[*] Interesting headers...

Connection: close
Content-Type: text/html; charset=UTF-8
Date: Tue, 07 Nov 2017 05:00:13 GMT
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/7.0.22-0ubuntu0.16.04.1

[*] Checking WAF...
[*] Checking wp-login protection...
[+] wp-login not detect protection
[*] Checking wordpress version...
[+] Running WordPress version: 4.7.7

| Not found vulnerabilities

[*] Enumeration themes...

| Name: twentysixteen
| Theme Name: Twenty
| Theme URL: https://wordpress.org/themes/twentysixteen/
| Author: the
| Author URL: https://wordpress.org/
| Version: 1.3
| Style: https://192.168.10.195/wordpress/wp-content/themes/twentysixteen/style.css
| Not found vulnerabilities

[*] Enumeration plugins...
[*] Enumeration usernames...
| ID: 0 | Login: user01
| ID: 1 | Login: user01

#===========================
# Remove the virtual environment
#===========================
# pyenv uninstall wpseku
pyenv-virtualenv: remove /usr/local/pyenv/versions/2.7.14/envs/wpseku? y