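Recently I needed to test a WordPress site, so I picked up wpscan, which I had not used in a long time, to do some initial reconnaissance on the site. I ran into some problems along the way, so I am noting them here.
Test environment: Win7 x64 + PentestBox
Today, while using wpscan, it threw an error: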
C:\Users\Master\Desktop
> wpscan --url www.xxx --enumerate u
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.9.1
Sponsored by Sucuri - https://sucuri
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
[i] Updating the Database ...
[!] Unable to get https://data.wpscan/local_vulnerable_files.xml.sha512 (Problem with the SSL CA cert (path? access rights?))
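At first glance, my guess was that wpscan calls something like curl or wget on the backend to make the request, and because https://data.wpscan/local_vulnerable_files.xml is an HTTPS site, this problem occurred. So I ran it with --debug directly: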
C:\Users\Master\Desktop
> wpscan --update --debug-output
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.9.1
Sponsored by Sucuri - https://sucuri
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[i] Updating the Database ...
Hostname was NOT found in DNS cache
Adding handle: conn: 0x4160668
Adding handle: send: 0
Adding handle: recv: 0
Curl_addHandleToPipeline: length: 1
- Conn 0 (0x4160668) send_pipe: 1, recv_pipe: 0
Trying 192.124.249.104...
Connected to data.wpscan (192.124.249.104) port 443 (#0)
error setting certificate verify locations:
CAfile: C:\PentestBox\base\curl\bin\ca-bundle.crt
CApath: none
Closing connection 0
[!] Unable to get https://data.wpscan/local_vulnerable_files.xml.sha512 (Problem with the SSL CA cert (path? access rights?))
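My PentestBox is installed on the D:\ drive by default, and the message here says this certificate file cannot be found.
Temporary workaround: copy the file, create the same directory structure, and place it at C:\PentestBox\base\curl\bin\ca-bundle.crt; that resolves the problem.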
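The diagnosis above can be scripted. This is an added example, not part of the original post or of wpscan: it parses the debug output for the CA bundle path libcurl failed to load and works out the copy that keeps certificate verification working. The install root D:\PentestBox and the function names are assumptions.

```python
import ntpath
import re

# Constructed sample: the failing lines from the --debug-output run above.
SAMPLE_DEBUG = r"""Connected to data.wpscan (192.124.249.104) port 443 (#0)
error setting certificate verify locations:
CAfile: C:\PentestBox\base\curl\bin\ca-bundle.crt
CApath: none
Closing connection 0
"""

CA_ERROR = re.compile(
    r"error setting certificate verify locations:\s*"
    r"CAfile:\s*(?P<cafile>.+?)\s*[\r\n]+\s*CApath:\s*(?P<capath>\S+)")

def parse_ca_locations(debug_text):
    """Return (cafile, capath) libcurl failed to load, or None if no such error."""
    m = CA_ERROR.search(debug_text)
    if not m:
        return None
    capath = m.group("capath")
    return m.group("cafile"), (None if capath.lower() == "none" else capath)

def relocate(cafile, install_root):
    """Map the hard-coded path onto the real install root, keeping the sub-path."""
    _drive, tail = ntpath.splitdrive(cafile)
    parts = [p for p in tail.split("\\") if p]  # PentestBox, base, curl, bin, ca-bundle.crt
    return ntpath.join(install_root, *parts[1:])

def plan_fix(debug_text, install_root, is_file):
    """Decide what to do; is_file is injected so the logic can be tested offline."""
    found = parse_ca_locations(debug_text)
    if found is None:
        return {"action": "none", "reason": "no CA bundle error in output"}
    expected = found[0]
    if is_file(expected):
        return {"action": "none", "reason": "bundle exists; check its permissions"}
    source = relocate(expected, install_root)
    if not is_file(source):
        return {"action": "manual", "reason": "no bundle at " + source}
    return {"action": "copy", "src": source, "dst": expected}

if __name__ == "__main__":
    import os
    # Assumption: PentestBox lives in D:\PentestBox (the post only says drive D:).
    print(plan_fix(SAMPLE_DEBUG, "D:\\PentestBox", os.path.isfile))
```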
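There is another error: [!] Unable to get https://data.wpscan/local_vulnerable_files.xml.sha512 (Timeout was reached). This is a network problem; connect through a VPN to switch network environments and try again.
Afterwards, it was resolved on my side.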
C:\Users\Master\Desktop
> wpscan --update
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.9.1
Sponsored by Sucuri - https://sucuri
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[i] Updating the Database ...
[i] Update completed.