WPscan升级后遇到的一些错误

最新推荐文章于 2025-01-25 23:26:14 发布

原创最新推荐文章于 2025-01-25 23:26:14 发布 · 7.9k 阅读

0 ·

CC 4.0 BY-SA版权

mark记录专栏收录该内容

6 篇文章

订阅专栏

本文记录了使用WPScan工具过程中遇到的更新问题及其解决方法，包括证书文件缺失导致的HTTPS验证失败及网络超时问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

最近需要对一个wp的站点进行一次测试，抄起了好久不用的wpscan来对站点进行一个前期的刺探，但是出现了一些问题，在这个地方mark一下

测试环境 win7 x64+pentestbox

今天用wpscan的时候爆了一个错误

C:\Users\Master\Desktop
> wpscan --url www.xxx.com --enumerate u
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 2.9.1
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
[i] Updating the Database ...

[!] Unable to get https://data.wpscan.org/local_vulnerable_files.xml.sha512 (Problem with the SSL CA cert (path? access rights?))

这个提示第一眼看上去猜想可能是因为 wpscan后端调用了curl或者wget之类的请求，遇到了https://data.wpscan.org/local_vulnerable_files.xml 这个网站是个https的，所以出现这样的问题，直接--debug一下

C:\Users\Master\Desktop
> wpscan --update --debug-output
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 2.9.1
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
Hostname was NOT found in DNS cache
Adding handle: conn: 0x4160668
Adding handle: send: 0
Adding handle: recv: 0
Curl_addHandleToPipeline: length: 1
- Conn 0 (0x4160668) send_pipe: 1, recv_pipe: 0
Trying 192.124.249.104...
Connected to data.wpscan.org (192.124.249.104) port 443 (#0)
error setting certificate verify locations:
CAfile: C:\PentestBox\base\curl\bin\ca-bundle.crt
CApath: none
Closing connection 0

[!] Unable to get https://data.wpscan.org/local_vulnerable_files.xml.sha512 (Problem with the SSL CA cert (path? access rights?))

我的pentestbox默认安装在D:\盘，这个地方提示找不到这个证书文件。

临时解决方法，直接把这个文件复制一份，创建相同的目录放在这个C:\PentestBox\base\curl\bin\ca-bundle.crt 下，即可解决

还有一种错误：[!] Unable to get https://data.wpscan.org/local_vulnerable_files.xml.sha512 (Timeout was reached) 这是网络的问题，拨一下vpn换个网络环境试一下

后来，我这边解决了。

C:\Users\Master\Desktop
> wpscan --update
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 2.9.1
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.