Activity Log
Keep track of all your executed commands in one place. View pending, in-progress, and completed tasks — and review the results of each execution for full transparency and control.
-
#b616~$ theHarvester google.com completed Task ID: ***132a
Read proxies.yaml from /etc/theHarvester/proxies.yaml
theHarvester 4.8.0
Coded by Christian Martorella
Edge-Security Research
[email protected]

usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s] [--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t] [-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-w WORDLIST] [-a] [-q] [-b SOURCE]
theHarvester: error: the following arguments are required: -d/--domain
-
#4fd9~$ wpscan --url https://samokat56.ru \ --enumerate dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***4093
_______________________________________________________________
WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://samokat56.ru/ [45.130.41.110]
[+] Started: Sun Aug 24 13:34:14 2025

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - server: nginx-reuseport/1.21.1
 |  - x-powered-by: PHP/8.2.28
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://samokat56.ru/robots.txt
 | Interesting Entries:
 |  - /wp-content/uploads/wc-logs/
 |  - /wp-content/uploads/woocommerce_transient_files/
 |  - /wp-content/uploads/woocommerce_uploads/
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://samokat56.ru/xmlrpc.php
 | Found By: Link Tag (Passive Detection)
 | Confidence: 30%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://samokat56.ru/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://samokat56.ru/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
 | Found By: Rss Generator (Passive Detection)
 |  - https://samokat56.ru/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
 |  - https://samokat56.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[+] WordPress theme in use: woodmart
 | Location: https://samokat56.ru/wp-content/themes/woodmart/
 | Last Updated: 2025-07-24T18:48:59.000Z
 | [!] The version is out of date, the latest version is 8.2.7
 | Style URL: https://samokat56.ru/wp-content/themes/woodmart/style.css
 | Style Name: Woodmart
 | Style URI: https://woodmart.xtemos.com/
 | Description: ThemeForest Premium Theme...
 | Author: XTemos
 | Author URI: http://themeforest.net/user/xtemos
 |
 | Found By: Urls In Homepage (Passive Detection)
 |
 | [!] 6 vulnerabilities identified:
 |
 | [!] Title: WoodMart < 8.0.4 - Unauthenticated Arbitrary Shortcode Execution
 |     Fixed in: 8.0.4
 |     References:
 |      - https://wpscan.com/vulnerability/d57ddc55-fbe2-42c0-b60f-af617990eafb
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12333
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538
 |
 | [!] Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Local File Inclusion
 |     Fixed in: 8.2.4
 |     References:
 |      - https://wpscan.com/vulnerability/2bb93e73-c9a5-455d-88ec-9b25f78c15d1
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6746
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c
 |
 | [!] Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
 |     Fixed in: 8.2.4
 |     References:
 |      - https://wpscan.com/vulnerability/4aa65ebe-a9be-4ce1-a55b-6c9fab7af20c
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6743
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc
 |
 | [!] Title: Woodmart < 8.2.4 - Unauthenticated Arbitrary Shortcode Execution
 |     Fixed in: 8.2.4
 |     References:
 |      - https://wpscan.com/vulnerability/db674a0e-2277-46cc-a11a-d3b6b59678df
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6744
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e
 |
 | [!] Title: WoodMart < 8.2.6 - Unauthenticated Post Disclosure
 |     Fixed in: 8.2.6
 |     References:
 |      - https://wpscan.com/vulnerability/dae804ef-a25d-48e5-9ed8-537ae9c3efe2
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6745
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11
 |
 | [!] Title: WoodMart < 8.2.7 - Unauthenticated Cart Manipulation
 |     Fixed in: 8.2.7
 |     References:
 |      - https://wpscan.com/vulnerability/1e03e3ca-39aa-4d5a-ab15-3be06872736e
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8097
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b
 |
 | Version: 7.4.3 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://samokat56.ru/wp-content/themes/woodmart/style.css, Match: 'Version: 7.4.3'

[+] Enumerating DB Exports (via Passive and Aggressive Methods)
 Checking DB Exports - Time: 00:00:13 <=======> (75 / 75) 100.00% Time: 00:00:13

[i] No DB Exports Found.

[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 0
 | Requests Remaining: 12

[+] Finished: Sun Aug 24 13:34:31 2025
[+] Requests Done: 79
[+] Cached Requests: 40
[+] Data Sent: 21.129 KB
[+] Data Received: 93.926 KB
[+] Memory used: 178.176 MB
[+] Elapsed time: 00:00:17
-
#4fd9~$ wpscan --url https://samokat56.ru \ --enumerate cb \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***1907
_______________________________________________________________
WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://samokat56.ru/ [45.130.41.110]
[+] Started: Sun Aug 24 13:32:05 2025

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - server: nginx-reuseport/1.21.1
 |  - x-powered-by: PHP/8.2.28
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://samokat56.ru/robots.txt
 | Interesting Entries:
 |  - /wp-content/uploads/wc-logs/
 |  - /wp-content/uploads/woocommerce_transient_files/
 |  - /wp-content/uploads/woocommerce_uploads/
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://samokat56.ru/xmlrpc.php
 | Found By: Link Tag (Passive Detection)
 | Confidence: 30%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://samokat56.ru/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://samokat56.ru/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
 | Found By: Rss Generator (Passive Detection)
 |  - https://samokat56.ru/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
 |  - https://samokat56.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[+] WordPress theme in use: woodmart
 | Location: https://samokat56.ru/wp-content/themes/woodmart/
 | Last Updated: 2025-07-24T18:48:59.000Z
 | [!] The version is out of date, the latest version is 8.2.7
 | Style URL: https://samokat56.ru/wp-content/themes/woodmart/style.css
 | Style Name: Woodmart
 | Style URI: https://woodmart.xtemos.com/
 | Description: ThemeForest Premium Theme...
 | Author: XTemos
 | Author URI: http://themeforest.net/user/xtemos
 |
 | Found By: Urls In Homepage (Passive Detection)
 |
 | [!] 6 vulnerabilities identified:
 |
 | [!] Title: WoodMart < 8.0.4 - Unauthenticated Arbitrary Shortcode Execution
 |     Fixed in: 8.0.4
 |     References:
 |      - https://wpscan.com/vulnerability/d57ddc55-fbe2-42c0-b60f-af617990eafb
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12333
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538
 |
 | [!] Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Local File Inclusion
 |     Fixed in: 8.2.4
 |     References:
 |      - https://wpscan.com/vulnerability/2bb93e73-c9a5-455d-88ec-9b25f78c15d1
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6746
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c
 |
 | [!] Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
 |     Fixed in: 8.2.4
 |     References:
 |      - https://wpscan.com/vulnerability/4aa65ebe-a9be-4ce1-a55b-6c9fab7af20c
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6743
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc
 |
 | [!] Title: Woodmart < 8.2.4 - Unauthenticated Arbitrary Shortcode Execution
 |     Fixed in: 8.2.4
 |     References:
 |      - https://wpscan.com/vulnerability/db674a0e-2277-46cc-a11a-d3b6b59678df
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6744
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e
 |
 | [!] Title: WoodMart < 8.2.6 - Unauthenticated Post Disclosure
 |     Fixed in: 8.2.6
 |     References:
 |      - https://wpscan.com/vulnerability/dae804ef-a25d-48e5-9ed8-537ae9c3efe2
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6745
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11
 |
 | [!] Title: WoodMart < 8.2.7 - Unauthenticated Cart Manipulation
 |     Fixed in: 8.2.7
 |     References:
 |      - https://wpscan.com/vulnerability/1e03e3ca-39aa-4d5a-ab15-3be06872736e
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8097
 |      - https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b
 |
 | Version: 7.4.3 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://samokat56.ru/wp-content/themes/woodmart/style.css, Match: 'Version: 7.4.3'

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:01:12 <=> (137 / 137) 100.00% Time: 00:01:12

[i] No Config Backups Found.

[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 0
 | Requests Remaining: 12

[+] Finished: Sun Aug 24 13:33:22 2025
[+] Requests Done: 142
[+] Cached Requests: 41
[+] Data Sent: 38.288 KB
[+] Data Received: 128.871 KB
[+] Memory used: 189.191 MB
[+] Elapsed time: 00:01:16
-
#4fd9~$ wpscan --url https://samokat56.ru \ --enumerate u \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***7af7
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.28 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [32m[+][0m URL: https://samokat56.ru/ [45.130.41.110] [32m[+][0m Started: Sun Aug 24 13:28:28 2025 Interesting Finding(s): [32m[+][0m Headers | Interesting Entries: | - server: nginx-reuseport/1.21.1 | - x-powered-by: PHP/8.2.28 | Found By: Headers (Passive Detection) | Confidence: 100% [32m[+][0m robots.txt found: https://samokat56.ru/robots.txt | Interesting Entries: | - /wp-content/uploads/wc-logs/ | - /wp-content/uploads/woocommerce_transient_files/ | - /wp-content/uploads/woocommerce_uploads/ | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [32m[+][0m XML-RPC seems to be enabled: https://samokat56.ru/xmlrpc.php | Found By: Link Tag (Passive Detection) | Confidence: 30% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ [32m[+][0m WordPress readme found: https://samokat56.ru/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [32m[+][0m The external WP-Cron seems to be enabled: https://samokat56.ru/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - 
https://github.com/wpscanteam/wpscan/issues/1299 [32m[+][0m WordPress version 6.8.2 identified (Latest, released on 2025-07-15). | Found By: Rss Generator (Passive Detection) | - https://samokat56.ru/feed/, <generator>https://wordpress.org/?v=6.8.2</generator> | - https://samokat56.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator> [32m[+][0m WordPress theme in use: woodmart | Location: https://samokat56.ru/wp-content/themes/woodmart/ | Last Updated: 2025-07-24T18:48:59.000Z | [33m[!][0m The version is out of date, the latest version is 8.2.7 | Style URL: https://samokat56.ru/wp-content/themes/woodmart/style.css | Style Name: Woodmart | Style URI: https://woodmart.xtemos.com/ | Description: ThemeForest Premium Theme... | Author: XTemos | Author URI: http://themeforest.net/user/xtemos | | Found By: Urls In Homepage (Passive Detection) | | [31m[!][0m 6 vulnerabilities identified: | | [31m[!][0m Title: WoodMart < 8.0.4 - Unauthenticated Arbitrary Shortcode Execution | Fixed in: 8.0.4 | References: | - https://wpscan.com/vulnerability/d57ddc55-fbe2-42c0-b60f-af617990eafb | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12333 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538 | | [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Local File Inclusion | Fixed in: 8.2.4 | References: | - https://wpscan.com/vulnerability/2bb93e73-c9a5-455d-88ec-9b25f78c15d1 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6746 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c | | [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | Fixed in: 8.2.4 | References: | - https://wpscan.com/vulnerability/4aa65ebe-a9be-4ce1-a55b-6c9fab7af20c | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6743 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc 
| | [31m[!][0m Title: Woodmart < 8.2.4 - Unauthenticated Arbitrary Shortcode Execution | Fixed in: 8.2.4 | References: | - https://wpscan.com/vulnerability/db674a0e-2277-46cc-a11a-d3b6b59678df | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6744 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e | | [31m[!][0m Title: WoodMart < 8.2.6 - Unauthenticated Post Disclosure | Fixed in: 8.2.6 | References: | - https://wpscan.com/vulnerability/dae804ef-a25d-48e5-9ed8-537ae9c3efe2 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6745 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11 | | [31m[!][0m Title: WoodMart < 8.2.7 - Unauthenticated Cart Manipulation | Fixed in: 8.2.7 | References: | - https://wpscan.com/vulnerability/1e03e3ca-39aa-4d5a-ab15-3be06872736e | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8097 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b | | Version: 7.4.3 (80% confidence) | Found By: Style (Passive Detection) | - https://samokat56.ru/wp-content/themes/woodmart/style.css, Match: 'Version: 7.4.3' [32m[+][0m Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs - Time: 00:00:00 < > (0 / 10) 0.00% ETA: ??:??:?? 
Brute Forcing Author IDs - Time: 00:00:45 <==> (10 / 10) 100.00% Time: 00:00:45 [34m[i][0m User(s) Identified: [32m[+][0m allanbenston | Found By: Wp Json Api (Aggressive Detection) | - https://samokat56.ru/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: | Oembed API - Author URL (Aggressive Detection) | - https://samokat56.ru/wp-json/oembed/1.0/embed?url=https://samokat56.ru/&format=json | Yoast Seo Author Sitemap (Aggressive Detection) | - https://samokat56.ru/author-sitemap.xml | Author Id Brute Forcing - Author Pattern (Aggressive Detection) [32m[+][0m WPScan DB API OK | Plan: free | Requests Done (during the scan): 2 | Requests Remaining: 12 [32m[+][0m Finished: Sun Aug 24 13:29:46 2025 [32m[+][0m Requests Done: 66 [32m[+][0m Cached Requests: 7 [32m[+][0m Data Sent: 20.322 KB [32m[+][0m Data Received: 9.811 MB [32m[+][0m Memory used: 267.688 MB [32m[+][0m Elapsed time: 00:01:18
-
#4fd9~$ wpscan --url https://samokat56.ru \ --enumerate up,pv,t,tv,cb,dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***7d55
Scan Aborted: --enumerate Incorrect number of ranges found: 1, should be 2
-
#4fd9~$ wpscan --url https://samokat56.ru \ --enumerate u,p,pv,t,tv,cb,dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***b679
Scan Aborted: --enumerate Invalid boolean value, expected true|t|yes|y|1|false|f|no|n|0
-
#4fd9~$ wpscan --url https://samokat56.ru \ --enumerate u,p,pv,t,tv,cb,dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***0b46
Scan Aborted: --enumerate Invalid boolean value, expected true|t|yes|y|1|false|f|no|n|0
-
#0997~$ wpscan --api-token VomZnkzrarZkodcAswMHIRs0T58m5FuahxWMhfj3hYI --url duty-free.cc completed Task ID: ***e9c4
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.28 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [32m[+][0m URL: https://duty-free.cc/ [186.2.165.90] [32m[+][0m Started: Wed Aug 20 18:14:02 2025 Interesting Finding(s): [32m[+][0m Headers | Interesting Entries: | - server: ddos-guard | - content-security-policy: upgrade-insecure-requests; | - x-powered-by: PHP/8.3.16 | Found By: Headers (Passive Detection) | Confidence: 100% [32m[+][0m robots.txt found: https://duty-free.cc/robots.txt | Interesting Entries: | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [32m[+][0m XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ [32m[+][0m WordPress readme found: https://duty-free.cc/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [32m[+][0m The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [32m[+][0m WordPress version 6.7.1 
identified (Outdated, released on 2024-11-21). | Found By: Rss Generator (Passive Detection) | - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.7.1</generator> | - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.7.1</generator> [32m[+][0m WordPress theme in use: dute-free | Location: https://duty-free.cc/wp-content/themes/dute-free/ | Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt | Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0 | Style Name: duty-free | Style URI: # | Description: Description... | Author: Zeaz-pixel | Author URI: https://nostudio.site | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | Version: 1.0.0 (80% confidence) | Found By: Style (Passive Detection) | - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0' [32m[+][0m Enumerating All Plugins (via Passive Methods) [34m[i][0m No plugins Found. [32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups - Time: 00:00:00 < > (0 / 137) 0.00% ETA: ??:??:?? 
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04 [34m[i][0m No Config Backups Found.
[32m[+][0m WPScan DB API OK | Plan: free | Requests Done (during the scan): 2 | Requests Remaining: 23 [32m[+][0m Finished: Wed Aug 20 18:14:14 2025 [32m[+][0m Requests Done: 143 [32m[+][0m Cached Requests: 38 [32m[+][0m Data Sent: 49.506 KB [32m[+][0m Data Received: 114.714 KB [32m[+][0m Memory used: 283.805 MB [32m[+][0m Elapsed time: 00:00:11
-
#0997~$ wpscan --url duty-free.cc completed Task ID: ***4411
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.28 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [32m[+][0m URL: https://duty-free.cc/ [186.2.165.90] [32m[+][0m Started: Wed Aug 20 18:12:01 2025 Interesting Finding(s): [32m[+][0m Headers | Interesting Entries: | - server: ddos-guard | - content-security-policy: upgrade-insecure-requests; | - x-powered-by: PHP/8.3.16 | Found By: Headers (Passive Detection) | Confidence: 100% [32m[+][0m robots.txt found: https://duty-free.cc/robots.txt | Interesting Entries: | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [32m[+][0m XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ [32m[+][0m WordPress readme found: https://duty-free.cc/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [32m[+][0m The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [32m[+][0m WordPress version 6.7.1 
identified (Outdated, released on 2024-11-21). | Found By: Rss Generator (Passive Detection) | - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.7.1</generator> | - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.7.1</generator> [32m[+][0m WordPress theme in use: dute-free | Location: https://duty-free.cc/wp-content/themes/dute-free/ | Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt | Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0 | Style Name: duty-free | Style URI: # | Description: Description... | Author: Zeaz-pixel | Author URI: https://nostudio.site | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | Version: 1.0.0 (80% confidence) | Found By: Style (Passive Detection) | - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0' [32m[+][0m Enumerating All Plugins (via Passive Methods) [34m[i][0m No plugins Found. [32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups - Time: 00:00:00 < > (0 / 137) 0.00% ETA: ??:??:?? 
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04 [34m[i][0m No Config Backups Found. [33m[!][0m No WPScan API Token given, as a result vulnerability data has not been output.
[33m[!][0m You can get a free API token with 25 daily requests by registering at https://wpscan.com/register [32m[+][0m Finished: Wed Aug 20 18:12:17 2025 [32m[+][0m Requests Done: 171 [32m[+][0m Cached Requests: 6 [32m[+][0m Data Sent: 60.246 KB [32m[+][0m Data Received: 423.346 KB [32m[+][0m Memory used: 279.219 MB [32m[+][0m Elapsed time: 00:00:16
-
#0997~$ wpscan --url duty-free.cc completed Task ID: ***8ab2
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.28 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [32m[+][0m URL: https://duty-free.cc/ [186.2.165.90] [32m[+][0m Started: Wed Aug 20 17:34:38 2025 Interesting Finding(s): [32m[+][0m Headers | Interesting Entries: | - server: ddos-guard | - content-security-policy: upgrade-insecure-requests; | - x-powered-by: PHP/8.3.16 | Found By: Headers (Passive Detection) | Confidence: 100% [32m[+][0m robots.txt found: https://duty-free.cc/robots.txt | Interesting Entries: | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [32m[+][0m XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ [32m[+][0m WordPress readme found: https://duty-free.cc/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [32m[+][0m The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [32m[+][0m WordPress version 6.7.1 
identified (Outdated, released on 2024-11-21). | Found By: Rss Generator (Passive Detection) | - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.7.1</generator> | - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.7.1</generator> [32m[+][0m WordPress theme in use: dute-free | Location: https://duty-free.cc/wp-content/themes/dute-free/ | Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt | Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0 | Style Name: duty-free | Style URI: # | Description: Description... | Author: Zeaz-pixel | Author URI: https://nostudio.site | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | Version: 1.0.0 (80% confidence) | Found By: Style (Passive Detection) | - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0' [32m[+][0m Enumerating All Plugins (via Passive Methods) [34m[i][0m No plugins Found. [32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups - Time: 00:00:00 < > (0 / 137) 0.00% ETA: ??:??:?? 
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04 [34m[i][0m No Config Backups Found. [33m[!][0m No WPScan API Token given, as a result vulnerability data has not been output. [33m[!][0m You can get a free API token with 25 daily requests by registering at https://wpscan.com/register [32m[+][0m Finished: Wed Aug 20 17:34:54 2025 [32m[+][0m Requests Done: 171 [32m[+][0m Cached Requests: 6 [32m[+][0m Data Sent: 59.395 KB [32m[+][0m Data Received: 423.463 KB [32m[+][0m Memory used: 297.277 MB [32m[+][0m Elapsed time: 00:00:15
-
#0997~$ wpscan --update completed Task ID: ***b79d
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.28 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [34m[i][0m Updating the Database ... [34m[i][0m Update completed.
-
#0997~$ wpscan --url https://duty-free.cc timeout Task ID: ***9b5d
WordPress Security Scanner by the WPScan Team
Version 3.8.28
[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N]
Scan Aborted: SIGTERM
Trace:
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `getc'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `block (2 levels) in cursor_pos'
<internal:kernel>:187:in `loop'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:255:in `block in cursor_pos'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `cursor_pos'
/usr/lib/ruby/3.3.0/reline.rb:424:in `may_req_ambiguous_char_width'
/usr/lib/ruby/3.3.0/reline.rb:310:in `inner_readline'
/usr/lib/ruby/3.3.0/reline.rb:280:in `block (2 levels) in readline'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `block in with_raw_input'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `with_raw_input'
/usr/lib/ruby/3.3.0/reline.rb:279:in `block in readline'
/usr/lib/ruby/3.3.0/reline.rb:278:in `synchronize'
/usr/lib/ruby/3.3.0/reline.rb:278:in `readline'
/usr/lib/ruby/3.3.0/forwardable.rb:240:in `readline'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:42:in `update_db_required?'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:57:in `before_scan'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `block in run'
/usr/lib/ruby/3.3.0/timeout.rb:170:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'
-
#8914~$ dnsrecon -d btc.viabtc.io completed Task ID: ***ae70
[*] std: Performing General Enumeration against: btc.viabtc.io...
[-] DNSSEC is not configured for btc.viabtc.io
[*] SOA brenda.ns.cloudflare.com 172.64.32.77
[*] SOA brenda.ns.cloudflare.com 173.245.58.77
[*] SOA brenda.ns.cloudflare.com 108.162.192.77
[*] SOA brenda.ns.cloudflare.com 2606:4700:50::adf5:3a4d
[*] SOA brenda.ns.cloudflare.com 2a06:98c1:50::ac40:204d
[*] SOA brenda.ns.cloudflare.com 2803:f800:50::6ca2:c04d
[*] CNAME btc.viabtc.io 2cddb48050f840aba73f826849829d84.pacloudflare.com
[*] A 2cddb48050f840aba73f826849829d84.pacloudflare.com 172.65.24.253
[*] Enumerating SRV Records
[-] No SRV Records Found for btc.viabtc.io
-
#259a~$ nmap ip-00d1.rusanovka-net.kiev.ua completed Task ID: ***3da9
Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-13 15:56 UTC
Nmap scan report for ip-00d1.rusanovka-net.kiev.ua (94.244.0.209)
Host is up (0.14s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE    SERVICE
25/tcp filtered smtp
Nmap done: 1 IP address (1 host up) scanned in 14.10 seconds
-
#ab4e~$ wpscan --url tkopro.ru -e p,vt,u timeout Task ID: ***299a
WordPress Security Scanner by the WPScan Team
Version 3.8.28
[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N]
Scan Aborted: SIGTERM
-
#ab4e~$ wpscan --url tkopro.ru -e p,vt,u timeout Task ID: ***091f
WordPress Security Scanner by the WPScan Team
Version 3.8.28
[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N]
Scan Aborted: SIGTERM
-
#6441~$ wpscan --update completed Task ID: ***83c2
WordPress Security Scanner by the WPScan Team
Version 3.8.28
[i] Updating the Database ...
[i] Update completed.
-
#6441~$ wpscan --url https://dzerginez.ru timeout Task ID: ***09ec
WordPress Security Scanner by the WPScan Team
Version 3.8.28
[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N]
Scan Aborted: SIGTERM
-
#6441~$ wpscan -h completed Task ID: ***1677
WordPress Security Scanner by the WPScan Team
Version 3.8.28

Usage: wpscan [options]
--url URL
    The URL of the blog to scan
    Allowed Protocols: http, https
    Default Protocol if none provided: http
    This option is mandatory unless update or help or hh or version is/are supplied
-h, --help
    Display the simple help and exit
--hh
    Display the full help and exit
--version
    Display the version and exit
-v, --verbose
    Verbose mode
--[no-]banner
    Whether or not to display the banner
    Default: true
-o, --output FILE
    Output to FILE
-f, --format FORMAT
    Output results in the format supplied
    Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode MODE
    Default: mixed
    Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua
    Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads VALUE
    The max threads to use
    Default: 5
--throttle MilliSeconds
    Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
--request-timeout SECONDS
    The request timeout in seconds
    Default: 60
--connect-timeout SECONDS
    The connection timeout in seconds
    Default: 30
--disable-tls-checks
    Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port
    Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string COOKIE
    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH
    File to read and write cookies
    Default: /tmp/wpscan/cookie_jar.txt
--force
    Do not check if the target is running WordPress or returns a 403
--[no-]update
    Whether or not to update the Database
--api-token TOKEN
    The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
--wp-content-dir DIR
    The wp-content directory if custom or not detected, such as "wp-content"
--wp-plugins-dir DIR
    The plugins directory if custom or not detected, such as "wp-content/plugins"
-e, --enumerate [OPTS]
    Enumeration Process
    Available Choices:
     vp   Vulnerable plugins
     ap   All plugins
     p    Popular plugins
     vt   Vulnerable themes
     at   All themes
     t    Popular themes
     tt   Timthumbs
     cb   Config backups
     dbe  Db exports
     u    User IDs range. e.g: u1-5
          Range separator to use: '-'
          Value if no argument supplied: 1-10
     m    Media IDs range. e.g m1-15
          Note: Permalink setting must be set to "Plain" for those to be detected
          Range separator to use: '-'
          Value if no argument supplied: 1-100
    Separator to use between the values: ','
    Default: All Plugins, Config Backups
    Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
    Incompatible choices (only one of each group/s can be used):
     - vp, ap, p
     - vt, at, t
--exclude-content-based REGEXP_OR_STRING
    Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
    Both the headers and body are checked. Regexp delimiters are not required.
--plugins-detection MODE
    Use the supplied mode to enumerate Plugins.
    Default: passive
    Available choices: mixed, passive, aggressive
--plugins-version-detection MODE
    Use the supplied mode to check plugins' versions.
    Default: mixed
    Available choices: mixed, passive, aggressive
--exclude-usernames REGEXP_OR_STRING
    Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
-P, --passwords FILE-PATH
    List of passwords to use during the password attack.
    If no --username/s option supplied, user enumeration will be run.
-U, --usernames LIST
    List of usernames to use during the password attack.
    Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD
    Maximum number of passwords to send by request with XMLRPC multicall
    Default: 500
--password-attack ATTACK
    Force the supplied attack to be used rather than automatically determining one.
    Multicall will only work against WP < 4.4
    Available choices: wp-login, xmlrpc, xmlrpc-multicall
--login-uri URI
    The URI of the login page if different from /wp-login.php
--stealthy
    Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] To see full list of options use --hh.
-
#cccf~$ wpscan --url https://www.new-edu.com/testprog/ timeout Task ID: ***d64f
WordPress Security Scanner by the WPScan Team
Version 3.8.28
[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N]
Scan Aborted: SIGTERM