{"id":46,"date":"2025-03-08T19:58:21","date_gmt":"2025-03-08T11:58:21","guid":{"rendered":"https:\/\/www.ironbar.cn\/?p=46"},"modified":"2025-03-08T19:59:32","modified_gmt":"2025-03-08T11:59:32","slug":"%e7%94%a8-wpscan-%e5%af%b9-wordpress-%e7%bd%91%e7%ab%99%e8%bf%9b%e8%a1%8c%e6%b8%97%e9%80%8f%e6%b5%8b%e8%af%95","status":"publish","type":"post","link":"https:\/\/www.ironbar.cn\/index.php\/2025\/03\/08\/%e7%94%a8-wpscan-%e5%af%b9-wordpress-%e7%bd%91%e7%ab%99%e8%bf%9b%e8%a1%8c%e6%b8%97%e9%80%8f%e6%b5%8b%e8%af%95\/","title":{"rendered":"\u7528 WPScan \u5bf9 WordPress \u7f51\u7ad9\u8fdb\u884c\u6e17\u900f\u6d4b\u8bd5"},"content":{"rendered":"\n<p>\u4ee5\u4e0b\u662f\u4f7f\u7528 <strong>WPScan<\/strong> \u5bf9 <code>https:\/\/www.ironbar.cn\/<\/code> \u8fdb\u884c\u6e17\u900f\u6d4b\u8bd5\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\u8bf7\u6ce8\u610f\uff0c\u6e17\u900f\u6d4b\u8bd5\u5e94\u4ec5\u9650\u4e8e\u4f60\u62e5\u6709\u5408\u6cd5\u6743\u9650\u7684\u7f51\u7ad9\uff0c\u5e76\u786e\u4fdd\u9075\u5b88\u76f8\u5173\u6cd5\u5f8b\u6cd5\u89c4\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. \u51c6\u5907\u5de5\u4f5c<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5b89\u88c5 WPScan<\/strong><\/h4>\n\n\n\n<p>\u5982\u679c\u4f60\u5c1a\u672a\u5b89\u88c5 WPScan\uff0c\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u65b9\u5f0f\u5b89\u88c5\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u5728 Kali Linux \u4e2d\u5b89\u88c5<\/strong>\uff1a<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>  sudo apt update\n  sudo apt install wpscan<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u4f7f\u7528 Docker \u8fd0\u884c WPScan<\/strong>\uff1a<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>  docker pull wpscanteam\/wpscan<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u83b7\u53d6 API Token<\/strong><\/h4>\n\n\n\n<p>WPScan \u9700\u8981 API Token \u6765\u83b7\u53d6\u6f0f\u6d1e\u6570\u636e\u5e93\u7684\u66f4\u65b0\u3002\u4f60\u53ef\u4ee5\u514d\u8d39\u6ce8\u518c\u4e00\u4e2a API Token\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8bbf\u95ee <a href=\"https:\/\/wpscan.com\/\">WPScan \u5b98\u7f51<\/a>\u3002<\/li>\n\n\n\n<li>\u6ce8\u518c\u4e00\u4e2a\u8d26\u6237\u5e76\u83b7\u53d6 API Token\u3002<\/li>\n\n\n\n<li>\u5728 WPScan \u4e2d\u4f7f\u7528 API Token\uff1a<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>   wpscan --api-token YOUR_API_TOKEN<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. \u626b\u63cf\u76ee\u6807\u7f51\u7ad9<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u57fa\u672c\u626b\u63cf<\/strong><\/h4>\n\n\n\n<p>\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\u5bf9\u76ee\u6807\u7f51\u7ad9\u8fdb\u884c\u57fa\u672c\u626b\u63cf\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wpscan --url https:\/\/www.ironbar.cn\/ --api-token YOUR_API_TOKEN<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--url<\/code>\uff1a\u6307\u5b9a\u76ee\u6807\u7f51\u7ad9\u7684 URL\u3002<\/li>\n\n\n\n<li><code>--api-token<\/code>\uff1a\u4f7f\u7528\u4f60\u7684 API Token\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u626b\u63cf\u63d2\u4ef6<\/strong><\/h4>\n\n\n\n<p>\u626b\u63cf\u76ee\u6807\u7f51\u7ad9\u5b89\u88c5\u7684\u63d2\u4ef6\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wpscan --url https:\/\/www.ironbar.cn\/ --api-token YOUR_API_TOKEN --plugins-detection aggressive<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--plugins-detection aggressive<\/code>\uff1a\u542f\u7528\u63d2\u4ef6\u68c0\u6d4b\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u626b\u63cf\u4e3b\u9898<\/strong><\/h4>\n\n\n\n<p>\u626b\u63cf\u76ee\u6807\u7f51\u7ad9\u4f7f\u7528\u7684\u4e3b\u9898\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wpscan --url https:\/\/www.ironbar.cn\/ --api-token YOUR_API_TOKEN --enumerate t<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--enumerate t<\/code>\uff1a\u679a\u4e3e\u4e3b\u9898\u4fe1\u606f\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u626b\u63cf\u7528\u6237<\/strong><\/h4>\n\n\n\n<p>\u679a\u4e3e\u76ee\u6807\u7f51\u7ad9\u7684\u7528\u6237\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wpscan --url https:\/\/www.ironbar.cn\/ --api-token YOUR_API_TOKEN --enumerate u<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--enumerate u<\/code>\uff1a\u679a\u4e3e\u7528\u6237\u4fe1\u606f\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u66b4\u529b\u7834\u89e3\u7528\u6237\u5bc6\u7801<\/strong><\/h4>\n\n\n\n<p>\u5982\u679c\u4f60\u6709\u5b57\u5178\u6587\u4ef6\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u66b4\u529b\u7834\u89e3\u7528\u6237\u5bc6\u7801\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wpscan --url https:\/\/www.ironbar.cn\/ --api-token YOUR_API_TOKEN --passwords \/path\/to\/password.txt --usernames admin<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--passwords<\/code>\uff1a\u6307\u5b9a\u5b57\u5178\u6587\u4ef6\u8def\u5f84\u3002<\/li>\n\n\n\n<li><code>--usernames<\/code>\uff1a\u6307\u5b9a\u8981\u7834\u89e3\u7684\u7528\u6237\u540d\u3002<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. \u5206\u6790\u626b\u63cf\u7ed3\u679c<\/strong><\/h3>\n\n\n\n<p>WPScan \u4f1a\u751f\u6210\u8be6\u7ec6\u7684\u626b\u63cf\u62a5\u544a\uff0c\u5305\u62ec\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>WordPress \u7248\u672c\u4fe1\u606f\u3002<\/li>\n\n\n\n<li>\u5df2\u5b89\u88c5\u7684\u63d2\u4ef6\u53ca\u5176\u7248\u672c\u3002<\/li>\n\n\n\n<li>\u5df2\u5b89\u88c5\u7684\u4e3b\u9898\u53ca\u5176\u7248\u672c\u3002<\/li>\n\n\n\n<li>\u53d1\u73b0\u7684\u6f0f\u6d1e\uff08\u5982\u63d2\u4ef6\u6216\u4e3b\u9898\u7684\u5df2\u77e5\u6f0f\u6d1e\uff09\u3002<\/li>\n\n\n\n<li>\u679a\u4e3e\u7684\u7528\u6237\u540d\u3002<\/li>\n<\/ul>\n\n\n\n<p>\u6839\u636e\u626b\u63cf\u7ed3\u679c\uff0c\u4f60\u53ef\u4ee5\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u66f4\u65b0 WordPress \u6838\u5fc3<\/strong>\uff1a\u786e\u4fdd\u4f7f\u7528\u6700\u65b0\u7248\u672c\u7684 WordPress\u3002<\/li>\n\n\n\n<li><strong>\u66f4\u65b0\u63d2\u4ef6\u548c\u4e3b\u9898<\/strong>\uff1a\u5220\u9664\u4e0d\u5fc5\u8981\u7684\u63d2\u4ef6\u548c\u4e3b\u9898\uff0c\u5e76\u66f4\u65b0\u5230\u6700\u65b0\u7248\u672c\u3002<\/li>\n\n\n\n<li><strong>\u4fee\u590d\u5df2\u77e5\u6f0f\u6d1e<\/strong>\uff1a\u6839\u636e WPScan \u63d0\u4f9b\u7684\u6f0f\u6d1e\u4fe1\u606f\uff0c\u91c7\u53d6\u76f8\u5e94\u7684\u4fee\u590d\u63aa\u65bd\u3002<\/li>\n\n\n\n<li><strong>\u52a0\u5f3a\u7528\u6237\u5bc6\u7801<\/strong>\uff1a\u4f7f\u7528\u5f3a\u5bc6\u7801\uff0c\u5e76\u542f\u7528\u53cc\u56e0\u7d20\u8ba4\u8bc1\uff082FA\uff09\u3002<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4. \u4fee\u590d\u6f0f\u6d1e<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u66f4\u65b0 WordPress<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u767b\u5f55 WordPress \u540e\u53f0\uff08<code>https:\/\/www.ironbar.cn\/wp-admin<\/code>\uff09\u3002<\/li>\n\n\n\n<li>\u5728\u4eea\u8868\u76d8\u4e2d\uff0c\u68c0\u67e5\u662f\u5426\u6709 WordPress \u66f4\u65b0\u63d0\u793a\u3002<\/li>\n\n\n\n<li>\u5982\u679c\u6709\u66f4\u65b0\uff0c\u70b9\u51fb\u201c\u7acb\u5373\u66f4\u65b0\u201d\u3002<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u66f4\u65b0\u63d2\u4ef6\u548c\u4e3b\u9898<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5728 WordPress \u540e\u53f0\uff0c\u5bfc\u822a\u5230\u201c\u63d2\u4ef6\u201d > \u201c\u5df2\u5b89\u88c5\u63d2\u4ef6\u201d\u3002<\/li>\n\n\n\n<li>\u68c0\u67e5\u6bcf\u4e2a\u63d2\u4ef6\u662f\u5426\u6709\u66f4\u65b0\uff0c\u5e76\u70b9\u51fb\u201c\u7acb\u5373\u66f4\u65b0\u201d\u3002<\/li>\n\n\n\n<li>\u5bfc\u822a\u5230\u201c\u5916\u89c2\u201d > \u201c\u4e3b\u9898\u201d\uff0c\u66f4\u65b0\u6240\u6709\u4e3b\u9898\u3002<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5220\u9664\u4e0d\u5fc5\u8981\u7684\u63d2\u4ef6\u548c\u4e3b\u9898<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5220\u9664\u672a\u4f7f\u7528\u7684\u63d2\u4ef6\u548c\u4e3b\u9898\uff0c\u4ee5\u51cf\u5c11\u653b\u51fb\u9762\u3002<\/li>\n\n\n\n<li>\u786e\u4fdd\u6240\u6709\u63d2\u4ef6\u548c\u4e3b\u9898\u90fd\u6765\u81ea\u53ef\u4fe1\u6765\u6e90\u3002<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u52a0\u5f3a\u7528\u6237\u5b89\u5168<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u4f7f\u7528\u5f3a\u5bc6\u7801\uff08\u81f3\u5c11 12 \u4e2a\u5b57\u7b26\uff0c\u5305\u542b\u5927\u5c0f\u5199\u5b57\u6bcd\u3001\u6570\u5b57\u548c\u7279\u6b8a\u5b57\u7b26\uff09\u3002<\/li>\n\n\n\n<li>\u542f\u7528\u53cc\u56e0\u7d20\u8ba4\u8bc1\uff082FA\uff09\u63d2\u4ef6\uff0c\u5982 <strong>Google Authenticator<\/strong> \u6216 <strong>Wordfence<\/strong>\u3002<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u914d\u7f6e Web \u670d\u52a1\u5668<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u786e\u4fdd Web \u670d\u52a1\u5668\uff08\u5982 Apache \u6216 Nginx\uff09\u5df2\u66f4\u65b0\u5230\u6700\u65b0\u7248\u672c\u3002<\/li>\n\n\n\n<li>\u914d\u7f6e Web \u670d\u52a1\u5668\u4ee5\u7981\u7528\u76ee\u5f55\u6d4f\u89c8\uff1a<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Apache<\/strong>\uff1a\u5728 <code>.htaccess<\/code> \u6587\u4ef6\u4e2d\u6dfb\u52a0 <code>Options -Indexes<\/code>\u3002<\/li>\n\n\n\n<li><strong>Nginx<\/strong>\uff1a\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0 <code>autoindex off;<\/code>\u3002<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5b89\u88c5\u5b89\u5168\u63d2\u4ef6<\/strong><\/h4>\n\n\n\n<p>\u5b89\u88c5\u5e76\u914d\u7f6e\u4ee5\u4e0b\u5b89\u5168\u63d2\u4ef6\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Wordfence<\/strong>\uff1a\u63d0\u4f9b\u9632\u706b\u5899\u3001\u6076\u610f\u8f6f\u4ef6\u626b\u63cf\u548c\u767b\u5f55\u5b89\u5168\u529f\u80fd\u3002<\/li>\n\n\n\n<li><strong>iThemes Security<\/strong>\uff1a\u63d0\u4f9b\u66b4\u529b\u7834\u89e3\u4fdd\u62a4\u3001\u6587\u4ef6\u66f4\u6539\u68c0\u6d4b\u7b49\u529f\u80fd\u3002<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5. \u5b9a\u671f\u626b\u63cf\u548c\u76d1\u63a7<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5b9a\u671f\u4f7f\u7528 WPScan \u626b\u63cf\u4f60\u7684\u7f51\u7ad9\uff0c\u786e\u4fdd\u6ca1\u6709\u65b0\u7684\u6f0f\u6d1e\u3002<\/li>\n\n\n\n<li>\u4f7f\u7528\u76d1\u63a7\u5de5\u5177\uff08\u5982 <strong>UptimeRobot<\/strong>\uff09\u76d1\u63a7\u7f51\u7ad9\u7684\u8fd0\u884c\u72b6\u6001\u3002<\/li>\n\n\n\n<li>\u542f\u7528\u65e5\u5fd7\u8bb0\u5f55\uff0c\u5b9a\u671f\u68c0\u67e5\u8bbf\u95ee\u65e5\u5fd7\u548c\u9519\u8bef\u65e5\u5fd7\u3002<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6. \u4f7f\u7528 Docker \u8fd0\u884c WPScan\uff08\u53ef\u9009\uff09<\/strong><\/h3>\n\n\n\n<p>\u5982\u679c\u4f60\u66f4\u559c\u6b22\u4f7f\u7528 Docker\uff0c\u53ef\u4ee5\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -it --rm wpscanteam\/wpscan --url https:\/\/www.ironbar.cn\/ --api-token YOUR_API_TOKEN<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u603b\u7ed3<\/strong><\/h3>\n\n\n\n<p>\u901a\u8fc7\u4ee5\u4e0a\u6b65\u9aa4\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 WPScan \u5bf9 <code>https:\/\/www.ironbar.cn\/<\/code> \u8fdb\u884c\u5168\u9762\u7684\u6e17\u900f\u6d4b\u8bd5\uff0c\u5e76\u6839\u636e\u626b\u63cf\u7ed3\u679c\u4fee\u590d\u6f0f\u6d1e\u3002\u8bf7\u8bb0\u4f4f\uff0c\u5b89\u5168\u662f\u4e00\u4e2a\u6301\u7eed\u7684\u8fc7\u7a0b\uff0c\u5b9a\u671f\u626b\u63cf\u548c\u66f4\u65b0\u662f\u786e\u4fdd\u7f51\u7ad9\u5b89\u5168\u7684\u5173\u952e\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4ee5\u4e0b\u662f\u4f7f\u7528 WPScan \u5bf9 https:\/\/www.ironbar.cn\/ \u8fdb\u884c\u6e17\u900f\u6d4b\u8bd5\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\u8bf7\u6ce8\u610f\uff0c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/comments?post=46"}],"version-history":[{"count":2,"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":48,"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/posts\/46\/revisions\/48"}],"wp:attachment":[{"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/media?parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/categories?post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ironbar.cn\/index.php\/wp-json\/wp\/v2\/tags?post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}