plecost Description

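plecost is a WordPress fingerprinting tool that searches for and retrieves version information about the plugins installed on a WordPress system. It can analyze a single URL or run its analysis against results indexed by Google. It also displays the CVE identifiers associated with each plugin, if any. Plecost retrieves the information contained in websites powered by WordPress, and can also search the results indexed by Google.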

Source: https://code.google.com/p/plecost/
plecost Homepage
plecost source repository

Tools included in the plecost package

plecost

:~# plecost -h

////////////////////////////////////////////
// ..................................DMI...
// .............................:MMMM......
// .........................$MMMMM:........
// .........M.....,M,=NMMMMMMMMD...........
// ........MMN...MMMMMMMMMMMM,.............
// .......MMMMMMMMMMMMMMMMM~...............
// .......MMMMMMMMMMMMMMM..................
// ....?MMMMMMMMMMMMMMMN$I.................
// .?.MMMMMMMMMMMMMMMMMMMMMM...............
// .MMMMMMMMMMMMMMN........................
// 7MMMMMMMMMMMMMON$.......................
// ZMMMMMMMMMMMMMMMMMM.......plecost.......
// .:MMMMMMMZ~7MMMMMMMMMO..................
// ....~+:.................................
//
// Plecost - Wordpress finger printer Tool (with threads support) 0.2.2-9-beta
//
// Developed by:
//        Francisco Jesus Gomez aka (ffranz@iniqua.com)
//        Daniel Garcia Garcia (dani@iniqua.com)
//
// Info: http://iniqua.com/labs/
// Bug report:

Usage: /usr/bin/plecost [options] [ URL [-l num] -G]

Google search options:
    -l num    : Limit number of results for each plugin in google.
    -G        : Google search mode

Options:
    -n        : Number of plugins to use (Default all - more than 7000).
    -c        : Check plugins only with CVE associated.
    -R file   : Reload plugin list. Use -n option to control the size.
                (This take several minutes)
    -o file   : Output file. (Default "output.txt")
    -i file   : Input plugin list. (Need to start the program)
    -s time   : Min sleep time between two probes. Time in seconds. (Default 10)
    -M time   : Max sleep time between two probes. Time in seconds. (Default 20)
    -t num    : Number of threads. (Default 1)
    -h        : Display help. (More info: http://iniqua.com/labs/)

Examples:

  * Reload first 5 plugins list:
        plecost -R plugins.txt -n 5
  * Search vulnerable sites for first 5 plugins:
        plecost -n 5 -G -i plugins.txt
  * Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:
        plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com

plecost Usage Example

Use 100 plugins (-n 100), sleep for 10 seconds between probes (-s 10) but no more than 15 (-M 15), and use the plugin list (-i /usr/share/plecost/wp_plugin_list.txt) to scan the given URL (192.168.1.202/wordpress):

:~# plecost -n 100 -s 10 -M 15 -i /usr/share/plecost/wp_plugin_list.txt 192.168.1.202/wordpress
[*] Num of checks set to: 100

-------------------------------------------------
[*] Input plugin list set to: /usr/share/plecost/wp_plugin_list.txt
[*] Min sleep time set to: 10
[*] Max sleep time set to: 15
-------------------------------------------------

==> Results for: 192.168.1.202/wordpress <==

[i] Wordpress version found:  3.9.1
[i] Wordpress last public version: 3.9.1

[*] Search for installed plugins

[i] Plugin found: akismet
    |_Latest version:  2.4.0
    |_ Installed version: 3.0.0
    |_CVE list:
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
    |___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
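
An added example, not part of plecost or of the original page: a small Python parser for the text report shown above that collapses the repeated CVE lines and compares the installed and latest version numbers for patch triage. The function names and the sample string (a trimmed copy of the output above) are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the report format shown above.
SAMPLE = """\
[i] Plugin found: akismet
    |_Latest version:  2.4.0
    |_ Installed version: 3.0.0
    |_CVE list:
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
    |___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
    |___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
"""

PLUGIN = re.compile(r"\[i\] Plugin found:\s*(\S+)")
VERSION = re.compile(r"\|_\s*(Latest|Installed) version:\s*(\S+)")
CVE = re.compile(r"\|_+(CVE-\d{4}-\d+)")

def version_key(text):
    """Turn '3.0.0' into (3, 0, 0) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def parse_plugins(text):
    """Return one dict per 'Plugin found' block in plecost's text report."""
    plugins = []
    for line in map(str.strip, text.splitlines()):
        if m := PLUGIN.match(line):
            plugins.append({"name": m.group(1), "cves": []})
        elif not plugins:
            continue  # banner and settings lines before the first plugin
        elif m := VERSION.match(line):
            plugins[-1][m.group(1).lower()] = m.group(2)
        elif (m := CVE.match(line)) and m.group(1) not in plugins[-1]["cves"]:
            plugins[-1]["cves"].append(m.group(1))  # report repeats CVE lines
    return plugins

def triage(plugins):
    """Yield (name, outdated, unique CVE ids); outdated is None if unknown."""
    for p in plugins:
        outdated = None
        if "installed" in p and "latest" in p:
            outdated = version_key(p["installed"]) < version_key(p["latest"])
        yield p["name"], outdated, p["cves"]

if __name__ == "__main__":
    for name, outdated, cves in triage(parse_plugins(SAMPLE)):
        print(f"{name}: outdated={outdated}, CVEs to review: {', '.join(cves)}")
```

In the sample, the installed akismet version (3.0.0) is numerically higher than the "Latest version" in the plugin list (2.4.0), so `outdated` is False; the listed CVE ids still have to be checked against the installed version before any of them is treated as a finding.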