API tools faq
paste
Himeshvyas26

report

Himeshvyas26
Aug 22nd, 2020
285
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.62 KB | None | 0 0
raw download clone embed print report
  1. __ _______ _____
  2. \ \ / / __ \ / ____|
  3. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
  4. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
  5. \ /\ / | | ____) | (__| (_| | | | |
  6. \/ \/ |_| |_____/ \___|\__,_|_| |_|
  7.  
  8. WordPress Security Scanner by the WPScan Team
  9. Version 3.8.4
  10. Sponsored by Automattic - https://automattic.com/
  11. @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
  12. _______________________________________________________________
  13.  
  14. [+] URL: http://www.sindhwildlife.gov.pk/ [162.241.230.68]
  15. [+] Started: Sat Aug 22 05:36:35 2020
  16.  
  17. Interesting Finding(s):
  18.  
  19. [+] Headers
  20. | Interesting Entries:
  21. | - Server: Apache
  22. | - Upgrade: h2,h2c
  23. | - host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
  24. | - X-Endurance-Cache-Level: 2
  25. | Found By: Headers (Passive Detection)
  26. | Confidence: 100%
  27.  
  28. [+] http://www.sindhwildlife.gov.pk/robots.txt
  29. | Interesting Entries:
  30. | - /wp-admin/
  31. | - /wp-admin/admin-ajax.php
  32. | Found By: Robots Txt (Aggressive Detection)
  33. | Confidence: 100%
  34.  
  35. [+] XML-RPC seems to be enabled: http://www.sindhwildlife.gov.pk/xmlrpc.php
  36. | Found By: Direct Access (Aggressive Detection)
  37. | Confidence: 100%
  38. | References:
  39. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  40. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  41. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  42. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  43. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  44.  
  45. [+] http://www.sindhwildlife.gov.pk/readme.html
  46. | Found By: Direct Access (Aggressive Detection)
  47. | Confidence: 100%
  48.  
  49. [+] This site has 'Must Use Plugins': http://www.sindhwildlife.gov.pk/wp-content/mu-plugins/
  50. | Found By: Direct Access (Aggressive Detection)
  51. | Confidence: 80%
  52. | Reference: http://codex.wordpress.org/Must_Use_Plugins
  53.  
  54. [+] Upload directory has listing enabled: http://www.sindhwildlife.gov.pk/wp-content/uploads/
  55. | Found By: Direct Access (Aggressive Detection)
  56. | Confidence: 100%
  57.  
  58. [+] The external WP-Cron seems to be enabled: http://www.sindhwildlife.gov.pk/wp-cron.php
  59. | Found By: Direct Access (Aggressive Detection)
  60. | Confidence: 60%
  61. | References:
  62. | - https://www.iplocation.net/defend-wordpress-from-ddos
  63. | - https://github.com/wpscanteam/wpscan/issues/1299
  64.  
  65. [+] WordPress version 5.3.2 identified (Insecure, released on 2019-12-18).
  66. | Found By: Rss Generator (Passive Detection)
  67. | - http://www.sindhwildlife.gov.pk/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
  68. | - http://www.sindhwildlife.gov.pk/comments/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
  69.  
  70. [+] WordPress theme in use: twentytwenty
  71. | Location: http://www.sindhwildlife.gov.pk/wp-content/themes/twentytwenty/
  72. | Last Updated: 2020-08-11T00:00:00.000Z
  73. | Readme: http://www.sindhwildlife.gov.pk/wp-content/themes/twentytwenty/readme.txt
  74. | [!] The version is out of date, the latest version is 1.5
  75. | Style URL: http://www.sindhwildlife.gov.pk/wp-content/themes/twentytwenty/style.css?ver=1.0
  76. | Style Name: Twenty Twenty
  77. | Style URI: https://wordpress.org/themes/twentytwenty/
  78. | Description: Our default theme for 2020 is designed to take full advantage of the flexibility of the block editor...
  79. | Author: the WordPress team
  80. | Author URI: https://wordpress.org/
  81. |
  82. | Found By: Css Style In 404 Page (Passive Detection)
  83. |
  84. | Version: 1.0 (80% confidence)
  85. | Found By: Style (Passive Detection)
  86. | - http://www.sindhwildlife.gov.pk/wp-content/themes/twentytwenty/style.css?ver=1.0, Match: 'Version: 1.0'
  87.  
  88. [+] Enumerating All Plugins (via Passive Methods)
  89. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  90.  
  91. [i] Plugin(s) Identified:
  92.  
  93. [+] addon-elements-for-elementor-page-builder
  94. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/addon-elements-for-elementor-page-builder/
  95. | Latest Version: 1.6.4
  96. | Last Updated: 2020-04-28T06:36:00.000Z
  97. |
  98. | Found By: Urls In Homepage (Passive Detection)
  99. | Confirmed By: Urls In 404 Page (Passive Detection)
  100. |
  101. | The version could not be determined.
  102.  
  103. [+] bdthemes-element-pack-lite
  104. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/bdthemes-element-pack-lite/
  105. | Latest Version: 2.2.0
  106. | Last Updated: 2020-08-14T07:03:00.000Z
  107. |
  108. | Found By: Urls In Homepage (Passive Detection)
  109. | Confirmed By: Urls In 404 Page (Passive Detection)
  110. |
  111. | The version could not be determined.
  112.  
  113. [+] contact-form-7
  114. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/contact-form-7/
  115. | Last Updated: 2020-08-05T20:53:00.000Z
  116. | [!] The version is out of date, the latest version is 5.2.1
  117. |
  118. | Found By: Urls In Homepage (Passive Detection)
  119. | Confirmed By: Urls In 404 Page (Passive Detection)
  120. |
  121. | Version: 5.1.6 (10% confidence)
  122. | Found By: Query Parameter (Passive Detection)
  123. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
  124.  
  125. [+] elementor
  126. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/elementor/
  127. | Last Updated: 2020-07-21T14:07:00.000Z
  128. | [!] The version is out of date, the latest version is 2.9.14
  129. |
  130. | Found By: Urls In Homepage (Passive Detection)
  131. | Confirmed By: Urls In 404 Page (Passive Detection)
  132. |
  133. | Version: 2.8.2 (100% confidence)
  134. | Found By: Query Parameter (Passive Detection)
  135. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.8.2
  136. | Confirmed By:
  137. | Javascript Comment (Aggressive Detection)
  138. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/elementor/assets/js/admin-feedback.js, Match: 'elementor - v2.8.2'
  139. | Style Comment (Aggressive Detection)
  140. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/elementor/assets/css/admin.min.css, Match: 'elementor - v2.8.2'
  141.  
  142. [+] elementskit-lite
  143. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/elementskit-lite/
  144. | Latest Version: 1.5.10
  145. | Last Updated: 2020-08-12T06:59:00.000Z
  146. |
  147. | Found By: Urls In Homepage (Passive Detection)
  148. | Confirmed By: Urls In 404 Page (Passive Detection)
  149. |
  150. | The version could not be determined.
  151.  
  152. [+] header-footer-elementor
  153. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/header-footer-elementor/
  154. | Latest Version: 1.5.3
  155. | Last Updated: 2020-08-13T10:20:00.000Z
  156. |
  157. | Found By: Urls In 404 Page (Passive Detection)
  158. |
  159. | The version could not be determined.
  160.  
  161. [+] jetsticky-for-elementor
  162. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/jetsticky-for-elementor/
  163. | Latest Version: 1.0.1
  164. | Last Updated: 2019-08-29T14:34:00.000Z
  165. |
  166. | Found By: Urls In Homepage (Passive Detection)
  167. | Confirmed By: Urls In 404 Page (Passive Detection)
  168. |
  169. | The version could not be determined.
  170.  
  171. [+] pt-elementor-addons-lite
  172. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/pt-elementor-addons-lite/
  173. | Latest Version: 1.4.3
  174. | Last Updated: 2020-03-02T10:21:00.000Z
  175. |
  176. | Found By: Urls In Homepage (Passive Detection)
  177. | Confirmed By: Urls In 404 Page (Passive Detection)
  178. |
  179. | The version could not be determined.
  180.  
  181. [+] smooth-back-to-top-button
  182. | Location: http://www.sindhwildlife.gov.pk/wp-content/plugins/smooth-back-to-top-button/
  183. | Last Updated: 2020-05-22T06:13:00.000Z
  184. | [!] The version is out of date, the latest version is 1.0.2
  185. |
  186. | Found By: Urls In 404 Page (Passive Detection)
  187. |
  188. | Version: 1.0.1 (30% confidence)
  189. | Found By: Query Parameter (Passive Detection)
  190. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/smooth-back-to-top-button/assets/css/sbttb-fonts.css?ver=1.0.1
  191. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/smooth-back-to-top-button/assets/css/smooth-back-to-top-button.css?ver=1.0.1
  192. | - http://www.sindhwildlife.gov.pk/wp-content/plugins/smooth-back-to-top-button/assets/js/smooth-back-to-top-button.js?ver=1.0.1
  193.  
  194. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  195. Checking Config Backups - Time: 00:00:00 <> (0 / 21) 0.00% ET Checking Config Backups - Time: 00:00:00 <> (1 / 21) 4.76% ET Checking Config Backups - Time: 00:00:00 <> (3 / 21) 14.28% ET Checking Config Backups - Time: 00:00:00 <> (4 / 21) 19.04% ET Checking Config Backups - Time: 00:00:00 <> (5 / 21) 23.80% ET Checking Config Backups - Time: 00:00:00 <> (6 / 21) 28.57% ET Checking Config Backups - Time: 00:00:00 <> (7 / 21) 33.33% ET Checking Config Backups - Time: 00:00:01 <> (9 / 21) 42.85% ET Checking Config Backups - Time: 00:00:01 <> (10 / 21) 47.61% E Checking Config Backups - Time: 00:00:01 <> (11 / 21) 52.38% E Checking Config Backups - Time: 00:00:01 <> (12 / 21) 57.14% E Checking Config Backups - Time: 00:00:01 <> (13 / 21) 61.90% E Checking Config Backups - Time: 00:00:01 <> (14 / 21) 66.66% E Checking Config Backups - Time: 00:00:01 <> (15 / 21) 71.42% E Checking Config Backups - Time: 00:00:02 <> (17 / 21) 80.95% E Checking Config Backups - Time: 00:00:03 <> (18 / 21) 85.71% E Checking Config Backups - Time: 00:00:03 <> (19 / 21) 90.47% E Checking Config Backups - Time: 00:00:03 <> (20 / 21) 95.23% E Checking Config Backups - Time: 00:00:04 <> (21 / 21) 100.00% Time: 00:00:04
  196.  
  197. [i] No Config Backups Found.
  198.  
  199. [!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
  200. [!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
  201.  
  202. [+] Finished: Sat Aug 22 05:37:24 2020
  203. [+] Requests Done: 72
  204. [+] Cached Requests: 6
  205. [+] Data Sent: 22.2 KB
  206. [+] Data Received: 705.86 KB
  207. [+] Memory used: 180.305 MB
  208. [+] Elapsed time: 00:00:48
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!