% wpscan --url geniusatwork.club --wp-content-dir /wp-content/ -e ap,at,tt,cb,dbe,u1-20,m --plugins-detection aggressive --api-token <api-token>
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.25
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: https://geniusatwork.club/ [104.18.20.133]
[+] Started: Wed Dec 27 20:42:06 2023
Interesting Finding(s):
[+] Headers
| Interesting Entries:
| - cf-cache-status: DYNAMIC
| - server: cloudflare
| - cf-ray: 83c4635ddc55950a-LIS
| - cf-team: 1d4e9c6ea40000950a9ce11400000001
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] WordPress readme found: https://geniusatwork.club/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] Upload directory has listing enabled: https://geniusatwork.club/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: https://geniusatwork.club/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 6.4.2 identified (Latest, released on 2023-12-06).
| Found By: Rss Generator (Passive Detection)
| - https://geniusatwork.club/index.php/feed/, <generator>https://wordpress.org/?v=6.4.2</generator>
| - https://geniusatwork.club/index.php/comments/feed/, <generator>https://wordpress.org/?v=6.4.2</generator>
[+] WordPress theme in use: twentytwentyfour
| Location: https://geniusatwork.club/wp-content/themes/twentytwentyfour/
| Readme: https://geniusatwork.club/wp-content/themes/twentytwentyfour/readme.txt
| [!] Directory listing is enabled
| Style URL: https://geniusatwork.club/wp-content/themes/twentytwentyfour/style.css
| Style Name: Twenty Twenty-Four
| Style URI: https://wordpress.org/themes/twentytwentyfour/
| Description: Twenty Twenty-Four is designed to be flexible, versatile and applicable to any website. Its collecti...
| Author: the WordPress team
| Author URI: https://wordpress.org
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 1.0 (80% confidence)
| Found By: Style (Passive Detection)
| - https://geniusatwork.club/wp-content/themes/twentytwentyfour/style.css, Match: 'Version: 1.0'
[+] Enumerating All Plugins (via Aggressive Methods)
Checking Known Locations - Time: 00:27:46 <========================================================================================================> (104139 / 104139) 100.00% Time: 00:27:46
[i] No plugins Found.
[+] Enumerating All Themes (via Passive and Aggressive Methods)
Checking Known Locations - Time: 00:07:36 <==========================================================================================================> (26676 / 26676) 100.00% Time: 00:07:36
[+] Checking Theme Versions (via Passive and Aggressive Methods)
[i] Theme(s) Identified:
[+] twentytwentyfour
| Location: https://geniusatwork.club/wp-content/themes/twentytwentyfour/
| Style URL: https://geniusatwork.club/wp-content/themes/twentytwentyfour/style.css
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 1 (80% confidence)
| Found By: Style (Passive Detection)
| - https://geniusatwork.club/wp-content/themes/twentytwentyfour/style.css, Match: 'version:1'
[+] Enumerating Timthumbs (via Passive and Aggressive Methods)
Checking Known Locations - Time: 00:00:50 <============================================================================================================> (2575 / 2575) 100.00% Time: 00:00:50
[i] No Timthumbs Found.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:02 <===============================================================================================================> (137 / 137) 100.00% Time: 00:00:02
[i] No Config Backups Found.
[+] Enumerating DB Exports (via Passive and Aggressive Methods)
Checking DB Exports - Time: 00:00:01 <=====================================================================================================================> (75 / 75) 100.00% Time: 00:00:01
[i] No DB Exports Found.
[+] Enumerating Medias (via Passive and Aggressive Methods) (Permalink setting must be set to "Plain" for those to be detected)
Brute Forcing Attachment IDs - Time: 00:00:02 <==========================================================================================================> (100 / 100) 100.00% Time: 00:00:02
[i] No Medias Found.
[+] Enumerating Users (via Passive and Aggressive Methods)
Brute Forcing Author IDs - Time: 00:00:00 <================================================================================================================> (20 / 20) 100.00% Time: 00:00:00
[i] No Users Found.
[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 3
| Requests Remaining: 14
[+] Finished: Wed Dec 27 21:18:48 2023
[+] Requests Done: 133776
[+] Cached Requests: 5
[+] Data Sent: 56.35 MB
[+] Data Received: 54.451 MB
[+] Memory used: 361.293 MB
[+] Elapsed time: 00:36:42
### COMMENTS ###
-e ap,at,tt,cb,dbe,u1-20,m: This option specifies what WPScan should enumerate:
ap: All plugins. It will try to find every plugin on the site, not only those with known vulnerabilities.
at: All themes. As with plugins, it will enumerate every theme on the site.
tt: Timthumbs. This checks for the presence of the TimThumb script, which has had security problems in the past.
cb: Config backups. This checks for backup copies of configuration files that could be accessible and could reveal sensitive information.
dbe: Database exports. This checks whether database export files are publicly accessible.
u1-20: User IDs 1 to 20. This scans the first 20 user IDs, which can sometimes reveal the usernames of the site's administrators or authors.
m: Media files. This enumerates media files (such as images and uploads) from ID 1 to 100 by default.
--plugins-detection mixed: This option sets the plugin detection mode. mixed means WPScan will use both passive and aggressive methods to detect plugins. Passive detection looks for clues in the web pages, while aggressive detection sends requests to check for specific plugin files. The command above passes aggressive rather than mixed, which is why the output reports "Enumerating All Plugins (via Aggressive Methods)".
--api-token: This supplies your WPScan API token. An API token gives access to the WPScan vulnerability database for more complete information about vulnerabilities in plugins, themes and WordPress core. This increases the depth and accuracy of the scan.