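plecost Package Description
A WordPress fingerprinting tool, plecost searches for and retrieves information about the plugin versions installed on WordPress systems. It can analyze a single URL or perform an analysis based on results indexed by Google. It also displays the CVE codes associated with each plugin, if there are any. Plecost retrieves the information contained on websites powered by WordPress, and also allows searching the results indexed by Google.
Source: https://code.google.com/p/plecost/
plecost Homepage | Kali plecost Repo
- Authors: Francisco Jesus Gomez, Daniel Garcia Garcia
- License: GPLv3
Tools included in the plecost package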
plecost
[email protected]:~# plecost -h
////////////////////////////////////////////
// ..................................DMI...
// .............................:MMMM......
// .........................$MMMMM:........
// .........M.....,M,=NMMMMMMMMD...........
// ........MMN...MMMMMMMMMMMM,.............
// .......MMMMMMMMMMMMMMMMM~...............
// .......MMMMMMMMMMMMMMM..................
// ....?MMMMMMMMMMMMMMMN$I.................
// .?.MMMMMMMMMMMMMMMMMMMMMM...............
// .MMMMMMMMMMMMMMN........................
// 7MMMMMMMMMMMMMON$.......................
// ZMMMMMMMMMMMMMMMMMM.......plecost.......
// .:MMMMMMMZ~7MMMMMMMMMO..................
// ....~+:.................................
//
// Plecost - Wordpress finger printer Tool (with threads support) 0.2.2-9-beta
//
// Developed by:
// Francisco Jesus Gomez aka ([email protected])
// Daniel Garcia Garcia ([email protected])
//
// Info: http://iniqua.com/labs/
// Bug report: [email protected]
Usage: /usr/bin/plecost [options] [ URL | [-l num] -G]
Google search options:
-l num : Limit number of results for each plugin in google.
-G : Google search mode
Options:
-n : Number of plugins to use (Default all - more than 7000).
-c : Check plugins only with CVE associated.
-R file : Reload plugin list. Use -n option to control the size (This take several minutes)
-o file : Output file. (Default "output.txt")
-i file : Input plugin list. (Need to start the program)
-s time : Min sleep time between two probes. Time in seconds. (Default 10)
-M time : Max sleep time between two probes. Time in seconds. (Default 20)
-t num : Number of threads. (Default 1)
-h : Display help. (More info: http://iniqua.com/labs/)
Examples:
* Reload first 5 plugins list:
plecost -R plugins.txt -n 5
* Search vulnerable sites for first 5 plugins:
plecost -n 5 -G -i plugins.txt
* Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:
plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com
plecost Usage Example
Use 100 plugins (-n 100), sleep at least 10 seconds between probes (-s 10) but no more than 15 (-M 15), and use the plugin list (-i /usr/share/plecost/wp_plugin_list.txt) to scan the given URL (192.168.1.202/wordpress):
[email protected]:~# plecost -n 100 -s 10 -M 15 -i /usr/share/plecost/wp_plugin_list.txt 192.168.1.202/wordpress
[*] Num of checks set to: 100
-------------------------------------------------
[*] Input plugin list set to: /usr/share/plecost/wp_plugin_list.txt
[*] Min sleep time set to: 10
[*] Max sleep time set to: 15
-------------------------------------------------
==> Results for: 192.168.1.202/wordpress <==
[i] Wordpress version found: 3.9.1
[i] Wordpress last public version: 3.9.1
[*] Search for installed plugins
[i] Plugin found: akismet
|_Latest version: 2.4.0
|_ Installed version: 3.0.0
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
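The report above repeats each CVE and lists an installed akismet version (3.0.0) newer than the "Latest version" in the plugin list (2.4.0). The following Python sketch is an added example, not part of plecost or of the original page: it parses that report format, de-duplicates the CVE ids, and flags such findings so the listed CVEs are checked against the installed version by hand. The names parse_report, triage and version_key are hypothetical, the sample is constructed from the output shown above, and treating "installed newer than latest" as stale list data is an assumption.

```python
import re

# Constructed sample: trimmed copy of the report format shown on this page.
SAMPLE = """\
[i] Wordpress version found: 3.9.1
[i] Plugin found: akismet
|_Latest version: 2.4.0
|_ Installed version: 3.0.0
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
"""

def version_key(v):
    """Turn '3.0.0' into (3, 0, 0) for comparison; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.strip().split("."))

def parse_report(text):
    """Return a list of plugin dicts with versions and de-duplicated CVE ids."""
    plugins, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[i\] Plugin found:\s*(\S+)", line)
        if m:
            cur = {"name": m.group(1), "latest": None, "installed": None, "cves": []}
            plugins.append(cur)
            continue
        if cur is None:
            continue  # header lines before the first plugin entry
        m = re.match(r"\|_\s*(Latest|Installed) version:\s*(\S+)", line)
        if m:
            cur[m.group(1).lower()] = m.group(2)
            continue
        m = re.match(r"\|_+(CVE-\d{4}-\d+)", line)
        if m and m.group(1) not in cur["cves"]:
            cur["cves"].append(m.group(1))
    return plugins

def triage(plugin):
    """'stale-list': installed is newer than the list's 'latest' (assumed stale data)."""
    if plugin["latest"] and plugin["installed"]:
        if version_key(plugin["installed"]) > version_key(plugin["latest"]):
            return "stale-list"
        if version_key(plugin["installed"]) < version_key(plugin["latest"]):
            return "outdated"
    return "review" if plugin["cves"] else "ok"

if __name__ == "__main__":
    print([(p["name"], triage(p), p["cves"]) for p in parse_report(SAMPLE)])
```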