wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Don't understand passive detection? How do you know if the plugins are vulnerable? #845

Closed laurarosenberg closed 9 years ago

laurarosenberg commented 9 years ago

Hi! I don't get the difference between passive detection and vulnerable. If I am using --enumerate vp I get vulnerable plugins; if not, I get a list of plugins from passive detection. What does this mean?

The second question: how do you know when a plugin is vulnerable? Only from the plugin's owner?

Greetings ;)

firefart commented 9 years ago

Hi, when using vp it tries every plugin in our database which has vulnerabilities linked to it. When doing a normal aggressive detection, all possible plugins are tried (even if the plugin has no known vulnerabilities linked to it). The passive detection only scans the start page and looks for traces of plugins, like included CSS and JS files.

Our plugin database is currently hosted at https://wpvulndb.com. We add entries as we find them on twitter, mailing lists and so on. If you find a vulnerability you can also add it to the database and we have to approve it before it is visible to others.

Hope that helped :)

laurarosenberg commented 9 years ago

Hey :) Thanks for the quick answer. Do I have this right? The plugins I get from passive detection are not vulnerable and not important - I mean, I don't have to worry about these plugins?

firefart commented 9 years ago

No, the detection mode only says how we detect the plugins/themes installed on the blog; whether they are vulnerable or not is a second step.

passive: no intrusive scan is performed, we only analyze the start page
only vulnerable ones: all plugins with linked vulnerabilities in our database are tried on the blog
all: all plugins in our database (even those without vulnerabilities) are tried

When a plugin is detected we try to determine the version of the plugin/theme and look for vulnerabilities of this version in our database. If something matches we print it out; if no version can be determined we print all past vulnerabilities so you can verify it manually.

If you scan your own blog there are also plugins like https://wordpress.org/plugins/plugin-security-scanner/ available which check our database for vulns of all installed plugins, which is more accurate because the plugin has access to all the plugin information.

laurarosenberg commented 9 years ago

thanks :) :+1:

ethicalhack3r commented 9 years ago

The main difference between passive and aggressive scanning is the amount of requests sent to the server. Passive attempts to only send a few, whereas aggressive may send thousands.
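To make the thread's two points concrete (firefart's three detection modes followed by a separate version-to-database matching step, and ethicalhack3r's point that the modes differ mainly in how many requests they send), here is a toy model written as an added example. It is not WPScan's own code: the homepage markup, the fake server, the plugin slugs and the vulnerability entries are all constructed for the example, and the "fixed in" version comparison is one plausible matching rule, not necessarily the one wpvulndb uses.

```ruby
# Added example (not WPScan's code): a toy model of the passive / vulnerable-only /
# all plugin enumeration modes and of the "detect, then match version" second step.
#
# Everything below is constructed for the example:
#   - HOMEPAGE and FAKE_SITE stand in for a WordPress install (only listed paths exist).
#   - VULN_DB and ALL_PLUGINS are invented stand-ins for the wpvulndb data; the slugs
#     and advisories are not real.
require 'rubygems'   # for Gem::Version

# Constructed homepage: the only page passive detection ever requests.
HOMEPAGE = <<~HTML
  <html><head>
  <link rel="stylesheet" href="/wp-content/plugins/demo-gallery/css/style.css?ver=1.2.0">
  <script src="/wp-content/plugins/demo-forms/js/forms.min.js?ver=3.0.1"></script>
  <script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
  </head><body></body></html>
HTML

# Constructed "server": path => body. A plugin with a readme.txt is installed.
FAKE_SITE = {
  "/" => HOMEPAGE,
  "/wp-content/plugins/demo-gallery/readme.txt" => "=== Demo Gallery ===\nStable tag: 1.2.0\n",
  "/wp-content/plugins/demo-forms/readme.txt"   => "=== Demo Forms ===\nStable tag: 3.0.1\n",
  "/wp-content/plugins/demo-cache/readme.txt"   => "=== Demo Cache ===\n",  # no version stated
}

# Constructed vulnerability database: slug => [[title, fixed_in_version], ...]
VULN_DB = {
  "demo-gallery" => [["Stored XSS in album title", "1.2.1"]],
  "demo-cache"   => [["Unauthenticated cache purge", "0.9.0"]],
  "demo-seo"     => [["SQL injection in sitemap", "2.4.0"]],
}
# Every plugin the scanner knows about, vulnerable or not (the "all" list).
ALL_PLUGINS = %w[demo-gallery demo-forms demo-cache demo-seo demo-widgets]

# Minimal HTTP stand-in that counts requests so the modes can be compared.
class FakeClient
  attr_reader :requests
  def initialize; @requests = 0; end
  def get(path)
    @requests += 1
    FAKE_SITE[path]   # nil models a 404
  end
end

# Passive: a single request, then look for plugin traces in the page markup.
# The ?ver= query string on an asset is used as the version hint when present.
def passive_detect(client)
  body = client.get("/")
  found = {}
  body.scan(%r{/wp-content/plugins/([\w-]+)/[^"']*?(?:\?ver=([\d.]+))?["']}) do |slug, ver|
    found[slug] ||= ver   # record the slug; fill in a version once one is seen
  end
  found
end

# Aggressive: one request per candidate slug; the version comes from readme.txt.
def aggressive_detect(client, slugs)
  found = {}
  slugs.each do |slug|
    readme = client.get("/wp-content/plugins/#{slug}/readme.txt")
    next unless readme                                  # not installed
    found[slug] = readme[/^Stable tag:\s*([\d.]+)/, 1]  # nil if no version is stated
  end
  found
end

# Second step, independent of how the plugin was found: match version against the DB.
def match_vulns(detected)
  detected.each_with_object({}) do |(slug, ver), out|
    entries = VULN_DB.fetch(slug, [])
    hits = if ver.nil?
             entries   # version unknown: report every past issue for manual verification
           else
             entries.select { |_, fixed| Gem::Version.new(ver) < Gem::Version.new(fixed) }
           end
    out[slug] = { version: ver, vulns: hits.map(&:first) }
  end
end

# Run one mode and return the request count alongside the matched results.
def run(mode)
  client = FakeClient.new
  detected = case mode
             when :passive then passive_detect(client)
             when :vp      then aggressive_detect(client, VULN_DB.keys)
             when :ap      then aggressive_detect(client, ALL_PLUGINS)
             end
  { requests: client.requests, results: match_vulns(detected) }
end

if __FILE__ == $0
  %i[passive vp ap].each do |mode|
    r = run(mode)
    puts "#{mode}: #{r[:requests]} request(s)"
    r[:results].each { |slug, i| puts "  #{slug} #{i[:version] || '?'} -> #{i[:vulns].inspect}" }
  end
end
```

Running it shows the shape of the trade-off: passive costs one request and only sees plugins that leave a trace on the homepage (demo-cache, which loads no assets there, is missed entirely); vulnerable-only probes one path per database entry; all probes one path per known plugin. In every mode the vulnerability list is produced afterwards from the detected version, and a plugin whose version could not be read gets all of its past entries listed for manual checking.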

uebmaster commented 5 years ago

Is there a way to hide the WP version?

I hid some but I could not hide this last one.

[image attachment]