Activity log

September 19, 2025 09:37 #0fbe

~$ theHarvester -d tularegion.ru completed Task ID: ***0f59

September 19, 2025 09:37 #0fbe

~$ theHarvester -d scloud.ru completed Task ID: ***bb24

September 19, 2025 09:37 #0fbe

~$ theHarvester -d SCLOUD.RU completed Task ID: ***1380

September 11, 2025 17:18 #2400

~$ theHarvester -d kalitools.io completed Task ID: ***4cdd

September 11, 2025 17:17 #2400

~$ theHarvester -h completed Task ID: ***4a44

Read proxies.yaml from /etc/theHarvester/proxies.yaml
*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.8.2                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* [email protected]                                   *
*                                                                 *
*******************************************************************
usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s]
[--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t]
[-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-w WORDLIST]
[-a] [-q] [-b SOURCE]

theHarvester is used to gather open source intelligence (OSINT) on a company
or domain.

options:
-h, --help            show this help message and exit
-d, --domain DOMAIN   Company name or domain to search.
-l, --limit LIMIT     Limit the number of search results, default=500.
-S, --start START     Start with result number X, default=0.
-p, --proxies         Use proxies for requests, enter proxies in
proxies.yaml.
-s, --shodan          Use Shodan to query discovered hosts.
--screenshot SCREENSHOT
Take screenshots of resolved domains specify output
directory: --screenshot output_directory
-v, --virtual-host    Verify host name via DNS resolution and search for
virtual hosts.
-e, --dns-server DNS_SERVER
DNS server to use for lookup.
-t, --take-over       Check for takeovers.
-r, --dns-resolve [DNS_RESOLVE]
Perform DNS resolution on subdomains with a resolver
list or passed in resolvers, default False.
-n, --dns-lookup      Enable DNS server lookup, default False.
-c, --dns-brute       Perform a DNS brute force on the domain.
-f, --filename FILENAME
Save the results to an XML and JSON file.
-w, --wordlist WORDLIST
Specify a wordlist for API endpoint scanning.
-a, --api-scan        Scan for API endpoints.
-q, --quiet           Suppress missing API key warnings.
-b, --source SOURCE   baidu, bevigil, bing, bingapi, brave, bufferoverun,
builtwith, censys, certspotter, criminalip, crtsh,
dehashed, dnsdumpster, duckduckgo, fullhunt, github-
code, hackertarget, haveibeenpwned, hunter, hunterhow,
intelx, leaklookup, netlas, onyphe, otx, pentesttools,
projectdiscovery, rapiddns, rocketreach,
securityscorecard, securityTrails, shodan,
sitedossier, subdomaincenter, subdomainfinderc99,
threatminer, tomba, urlscan, venacus, virustotal,
whoisxml, yahoo, zoomeye

August 29, 2025 15:25 #5eb6

~$ wpscan --url duty-free.cc --api-token VomZnkzrarZkodcAswMHIRs0T58m5FuahxWMhfj3hYI completed Task ID: ***f6c0

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[32m[+][0m URL: https://duty-free.cc/ [186.2.165.90]
[32m[+][0m Started: Fri Aug 29 15:25:37 2025

Interesting Finding(s):

[32m[+][0m Headers
| Interesting Entries:
|  - server: ddos-guard
|  - content-security-policy: upgrade-insecure-requests;
|  - x-powered-by: PHP/8.3.16
| Found By: Headers (Passive Detection)
| Confidence: 100%

[32m[+][0m robots.txt found: https://duty-free.cc/robots.txt
| Interesting Entries:
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[32m[+][0m XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[32m[+][0m WordPress readme found: https://duty-free.cc/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[32m[+][0m The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[32m[+][0m WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
| Found By: Rss Generator (Passive Detection)
|  - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
|  - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[32m[+][0m WordPress theme in use: dute-free
| Location: https://duty-free.cc/wp-content/themes/dute-free/
| Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt
| Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0
| Style Name: duty-free
| Style URI: #
| Description: Description...
| Author: Zeaz-pixel
| Author URI: https://nostudio.site
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 1.0.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0'

[32m[+][0m Enumerating All Plugins (via Passive Methods)
[32m[+][0m Checking Plugin Versions (via Passive and Aggressive Methods)

[34m[i][0m Plugin(s) Identified:

[32m[+][0m *
| Location: https://duty-free.cc/wp-content/plugins/*/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.

[32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:00:52
Checking Config Backups - Time: 00:00:00 <    > (2 / 137)  1.45%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:00 <    > (4 / 137)  2.91%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:00 <    > (5 / 137)  3.64%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:00 <    > (6 / 137)  4.37%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:00 <    > (7 / 137)  5.10%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:00 <    > (9 / 137)  6.56%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:00 <   > (10 / 137)  7.29%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:00 <   > (11 / 137)  8.02%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (13 / 137)  9.48%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (15 / 137) 10.94%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (16 / 137) 11.67%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (17 / 137) 12.40%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (18 / 137) 13.13%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (20 / 137) 14.59%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (21 / 137) 15.32%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (22 / 137) 16.05%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (23 / 137) 16.78%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (24 / 137) 17.51%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (25 / 137) 18.24%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (26 / 137) 18.97%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (27 / 137) 19.70%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (28 / 137) 20.43%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (29 / 137) 21.16%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (30 / 137) 21.89%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (31 / 137) 22.62%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (32 / 137) 23.35%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (33 / 137) 24.08%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (34 / 137) 24.81%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (35 / 137) 25.54%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (36 / 137) 26.27%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (37 / 137) 27.00%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (41 / 137) 29.92%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (44 / 137) 32.11%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (45 / 137) 32.84%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <   > (46 / 137) 33.57%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <=  > (49 / 137) 35.76%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (50 / 137) 36.49%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (51 / 137) 37.22%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (54 / 137) 39.41%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (55 / 137) 40.14%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (56 / 137) 40.87%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (59 / 137) 43.06%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (60 / 137) 43.79%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (61 / 137) 44.52%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (64 / 137) 46.71%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (66 / 137) 48.17%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (69 / 137) 50.36%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (71 / 137) 51.82%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (74 / 137) 54.01%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (76 / 137) 55.47%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (81 / 137) 59.12%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (84 / 137) 61.31%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (86 / 137) 62.77%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (89 / 137) 64.96%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (91 / 137) 66.42%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (94 / 137) 68.61%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (96 / 137) 70.07%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (99 / 137) 72.26%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (101 / 137) 73.72%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (104 / 137) 75.91%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (106 / 137) 77.37%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (109 / 137) 79.56%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (111 / 137) 81.02%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (114 / 137) 83.21%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (119 / 137) 86.86%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (124 / 137) 90.51%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (126 / 137) 91.97%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (129 / 137) 94.16%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (130 / 137) 94.89%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:05 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:05 <=> (137 / 137) 100.00% Time: 00:00:05

[34m[i][0m No Config Backups Found.

[32m[+][0m WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 3
| Requests Remaining: 22

[32m[+][0m Finished: Fri Aug 29 15:25:56 2025
[32m[+][0m Requests Done: 181
[32m[+][0m Cached Requests: 6
[32m[+][0m Data Sent: 63.278 KB
[32m[+][0m Data Received: 435.046 KB
[32m[+][0m Memory used: 292.699 MB
[32m[+][0m Elapsed time: 00:00:19

August 26, 2025 20:49 #40f8

~$ wpscan --update completed Task ID: ***a0b7

August 25, 2025 10:50 #b616

~$ theHarvester -d google.com -b google completed Task ID: ***989d

August 25, 2025 10:50 #b616

~$ theHarvester -d example.com -b example completed Task ID: ***a7cf

August 25, 2025 10:50 #b616

~$ theHarvester -d example.com -b google.com completed Task ID: ***9728

August 25, 2025 10:49 #b616

~$ theHarvester -d example.com -b google completed Task ID: ***ff6d

August 25, 2025 10:49 #b616

~$ theHarvester google.com completed Task ID: ***132a

August 24, 2025 13:34 #4fd9

~$ wpscan --url https://samokat56.ru \ --enumerate dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***4093

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[32m[+][0m URL: https://samokat56.ru/ [45.130.41.110]
[32m[+][0m Started: Sun Aug 24 13:34:14 2025

Interesting Finding(s):

[32m[+][0m Headers
| Interesting Entries:
|  - server: nginx-reuseport/1.21.1
|  - x-powered-by: PHP/8.2.28
| Found By: Headers (Passive Detection)
| Confidence: 100%

[32m[+][0m robots.txt found: https://samokat56.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[32m[+][0m XML-RPC seems to be enabled: https://samokat56.ru/xmlrpc.php
| Found By: Link Tag (Passive Detection)
| Confidence: 30%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[32m[+][0m WordPress readme found: https://samokat56.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[32m[+][0m The external WP-Cron seems to be enabled: https://samokat56.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[32m[+][0m WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
| Found By: Rss Generator (Passive Detection)
|  - https://samokat56.ru/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
|  - https://samokat56.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[32m[+][0m WordPress theme in use: woodmart
| Location: https://samokat56.ru/wp-content/themes/woodmart/
| Last Updated: 2025-07-24T18:48:59.000Z
| [33m[!][0m The version is out of date, the latest version is 8.2.7
| Style URL: https://samokat56.ru/wp-content/themes/woodmart/style.css
| Style Name: Woodmart
| Style URI: https://woodmart.xtemos.com/
| Description: ThemeForest Premium Theme...
| Author: XTemos
| Author URI: http://themeforest.net/user/xtemos
|
| Found By: Urls In Homepage (Passive Detection)
|
| [31m[!][0m 6 vulnerabilities identified:
|
| [31m[!][0m Title: WoodMart < 8.0.4 - Unauthenticated Arbitrary Shortcode Execution
|     Fixed in: 8.0.4
|     References:
|      - https://wpscan.com/vulnerability/d57ddc55-fbe2-42c0-b60f-af617990eafb
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12333
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538
|
| [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Local File Inclusion
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/2bb93e73-c9a5-455d-88ec-9b25f78c15d1
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6746
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c
|
| [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/4aa65ebe-a9be-4ce1-a55b-6c9fab7af20c
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6743
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc
|
| [31m[!][0m Title: Woodmart < 8.2.4 - Unauthenticated Arbitrary Shortcode Execution
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/db674a0e-2277-46cc-a11a-d3b6b59678df
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6744
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e
|
| [31m[!][0m Title: WoodMart < 8.2.6 - Unauthenticated Post Disclosure
|     Fixed in: 8.2.6
|     References:
|      - https://wpscan.com/vulnerability/dae804ef-a25d-48e5-9ed8-537ae9c3efe2
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6745
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11
|
| [31m[!][0m Title: WoodMart < 8.2.7 - Unauthenticated Cart Manipulation
|     Fixed in: 8.2.7
|     References:
|      - https://wpscan.com/vulnerability/1e03e3ca-39aa-4d5a-ab15-3be06872736e
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8097
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b
|
| Version: 7.4.3 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://samokat56.ru/wp-content/themes/woodmart/style.css, Match: 'Version: 7.4.3'

[32m[+][0m Enumerating DB Exports (via Passive and Aggressive Methods)

Checking DB Exports - Time: 00:00:00 <         > (0 / 75)  0.00%  ETA: ??:??:??
Checking DB Exports - Time: 00:00:00 <         > (1 / 75)  1.33%  ETA: 00:00:36
Checking DB Exports - Time: 00:00:00 <         > (2 / 75)  2.66%  ETA: 00:00:23
Checking DB Exports - Time: 00:00:00 <         > (3 / 75)  4.00%  ETA: 00:00:18
Checking DB Exports - Time: 00:00:00 <         > (4 / 75)  5.33%  ETA: 00:00:16
Checking DB Exports - Time: 00:00:01 <         > (5 / 75)  6.66%  ETA: 00:00:15
Checking DB Exports - Time: 00:00:01 <         > (6 / 75)  8.00%  ETA: 00:00:14
Checking DB Exports - Time: 00:00:01 <         > (7 / 75)  9.33%  ETA: 00:00:13
Checking DB Exports - Time: 00:00:01 <         > (8 / 75) 10.66%  ETA: 00:00:13
Checking DB Exports - Time: 00:00:01 <=        > (9 / 75) 12.00%  ETA: 00:00:12
Checking DB Exports - Time: 00:00:01 <=       > (10 / 75) 13.33%  ETA: 00:00:12
Checking DB Exports - Time: 00:00:01 <=       > (11 / 75) 14.66%  ETA: 00:00:11
Checking DB Exports - Time: 00:00:02 <=       > (12 / 75) 16.00%  ETA: 00:00:11
Checking DB Exports - Time: 00:00:02 <=       > (13 / 75) 17.33%  ETA: 00:00:11
Checking DB Exports - Time: 00:00:02 <=       > (14 / 75) 18.66%  ETA: 00:00:10
Checking DB Exports - Time: 00:00:02 <=       > (15 / 75) 20.00%  ETA: 00:00:10
Checking DB Exports - Time: 00:00:02 <=       > (16 / 75) 21.33%  ETA: 00:00:10
Checking DB Exports - Time: 00:00:02 <=       > (17 / 75) 22.66%  ETA: 00:00:10
Checking DB Exports - Time: 00:00:02 <=       > (18 / 75) 24.00%  ETA: 00:00:09
Checking DB Exports - Time: 00:00:03 <==      > (19 / 75) 25.33%  ETA: 00:00:09
Checking DB Exports - Time: 00:00:03 <==      > (20 / 75) 26.66%  ETA: 00:00:09
Checking DB Exports - Time: 00:00:03 <==      > (21 / 75) 28.00%  ETA: 00:00:09
Checking DB Exports - Time: 00:00:03 <==      > (22 / 75) 29.33%  ETA: 00:00:09
Checking DB Exports - Time: 00:00:03 <==      > (23 / 75) 30.66%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:03 <==      > (24 / 75) 32.00%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:03 <==      > (25 / 75) 33.33%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:04 <==      > (26 / 75) 34.66%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:04 <==      > (27 / 75) 36.00%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:04 <==      > (28 / 75) 37.33%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:05 <===     > (29 / 75) 38.66%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:05 <===     > (30 / 75) 40.00%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:05 <===     > (31 / 75) 41.33%  ETA: 00:00:08
Checking DB Exports - Time: 00:00:05 <===     > (32 / 75) 42.66%  ETA: 00:00:07
Checking DB Exports - Time: 00:00:05 <===     > (33 / 75) 44.00%  ETA: 00:00:07
Checking DB Exports - Time: 00:00:05 <===     > (34 / 75) 45.33%  ETA: 00:00:07
Checking DB Exports - Time: 00:00:05 <===     > (35 / 75) 46.66%  ETA: 00:00:07
Checking DB Exports - Time: 00:00:06 <===     > (36 / 75) 48.00%  ETA: 00:00:07
Checking DB Exports - Time: 00:00:06 <===     > (37 / 75) 49.33%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:06 <====    > (38 / 75) 50.66%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:06 <====    > (39 / 75) 52.00%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:07 <====    > (40 / 75) 53.33%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:07 <====    > (41 / 75) 54.66%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:07 <====    > (42 / 75) 56.00%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:07 <====    > (43 / 75) 57.33%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:07 <====    > (44 / 75) 58.66%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:08 <====    > (45 / 75) 60.00%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:08 <====    > (46 / 75) 61.33%  ETA: 00:00:06
Checking DB Exports - Time: 00:00:08 <====    > (47 / 75) 62.66%  ETA: 00:00:05
Checking DB Exports - Time: 00:00:08 <=====   > (48 / 75) 64.00%  ETA: 00:00:05
Checking DB Exports - Time: 00:00:09 <=====   > (49 / 75) 65.33%  ETA: 00:00:05
Checking DB Exports - Time: 00:00:09 <=====   > (50 / 75) 66.66%  ETA: 00:00:05
Checking DB Exports - Time: 00:00:09 <=====   > (51 / 75) 68.00%  ETA: 00:00:04
Checking DB Exports - Time: 00:00:09 <=====   > (52 / 75) 69.33%  ETA: 00:00:04
Checking DB Exports - Time: 00:00:09 <=====   > (53 / 75) 70.66%  ETA: 00:00:04
Checking DB Exports - Time: 00:00:09 <=====   > (54 / 75) 72.00%  ETA: 00:00:04
Checking DB Exports - Time: 00:00:10 <=====   > (55 / 75) 73.33%  ETA: 00:00:04
Checking DB Exports - Time: 00:00:10 <=====   > (56 / 75) 74.66%  ETA: 00:00:03
Checking DB Exports - Time: 00:00:10 <======  > (57 / 75) 76.00%  ETA: 00:00:03
Checking DB Exports - Time: 00:00:10 <======  > (58 / 75) 77.33%  ETA: 00:00:03
Checking DB Exports - Time: 00:00:10 <======  > (59 / 75) 78.66%  ETA: 00:00:03
Checking DB Exports - Time: 00:00:10 <======  > (60 / 75) 80.00%  ETA: 00:00:03
Checking DB Exports - Time: 00:00:10 <======  > (61 / 75) 81.33%  ETA: 00:00:03
Checking DB Exports - Time: 00:00:11 <======  > (62 / 75) 82.66%  ETA: 00:00:02
Checking DB Exports - Time: 00:00:11 <======  > (63 / 75) 84.00%  ETA: 00:00:02
Checking DB Exports - Time: 00:00:11 <======  > (64 / 75) 85.33%  ETA: 00:00:02
Checking DB Exports - Time: 00:00:11 <======  > (65 / 75) 86.66%  ETA: 00:00:02
Checking DB Exports - Time: 00:00:11 <======= > (66 / 75) 88.00%  ETA: 00:00:02
Checking DB Exports - Time: 00:00:11 <======= > (67 / 75) 89.33%  ETA: 00:00:01
Checking DB Exports - Time: 00:00:11 <======= > (68 / 75) 90.66%  ETA: 00:00:01
Checking DB Exports - Time: 00:00:12 <======= > (69 / 75) 92.00%  ETA: 00:00:01
Checking DB Exports - Time: 00:00:12 <======= > (70 / 75) 93.33%  ETA: 00:00:01
Checking DB Exports - Time: 00:00:12 <======= > (71 / 75) 94.66%  ETA: 00:00:01
Checking DB Exports - Time: 00:00:12 <======= > (72 / 75) 96.00%  ETA: 00:00:01
Checking DB Exports - Time: 00:00:12 <======= > (73 / 75) 97.33%  ETA: 00:00:00
Checking DB Exports - Time: 00:00:12 <======= > (74 / 75) 98.66%  ETA: 00:00:00
Checking DB Exports - Time: 00:00:13 <=======> (75 / 75) 100.00% Time: 00:00:13

[34m[i][0m No DB Exports Found.

[32m[+][0m WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 0
| Requests Remaining: 12

[32m[+][0m Finished: Sun Aug 24 13:34:31 2025
[32m[+][0m Requests Done: 79
[32m[+][0m Cached Requests: 40
[32m[+][0m Data Sent: 21.129 KB
[32m[+][0m Data Received: 93.926 KB
[32m[+][0m Memory used: 178.176 MB
[32m[+][0m Elapsed time: 00:00:17

August 24, 2025 13:31 #4fd9

~$ wpscan --url https://samokat56.ru \ --enumerate cb \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***1907

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[32m[+][0m URL: https://samokat56.ru/ [45.130.41.110]
[32m[+][0m Started: Sun Aug 24 13:32:05 2025

Interesting Finding(s):

[32m[+][0m Headers
| Interesting Entries:
|  - server: nginx-reuseport/1.21.1
|  - x-powered-by: PHP/8.2.28
| Found By: Headers (Passive Detection)
| Confidence: 100%

[32m[+][0m robots.txt found: https://samokat56.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[32m[+][0m XML-RPC seems to be enabled: https://samokat56.ru/xmlrpc.php
| Found By: Link Tag (Passive Detection)
| Confidence: 30%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[32m[+][0m WordPress readme found: https://samokat56.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[32m[+][0m The external WP-Cron seems to be enabled: https://samokat56.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[32m[+][0m WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
| Found By: Rss Generator (Passive Detection)
|  - https://samokat56.ru/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
|  - https://samokat56.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[32m[+][0m WordPress theme in use: woodmart
| Location: https://samokat56.ru/wp-content/themes/woodmart/
| Last Updated: 2025-07-24T18:48:59.000Z
| [33m[!][0m The version is out of date, the latest version is 8.2.7
| Style URL: https://samokat56.ru/wp-content/themes/woodmart/style.css
| Style Name: Woodmart
| Style URI: https://woodmart.xtemos.com/
| Description: ThemeForest Premium Theme...
| Author: XTemos
| Author URI: http://themeforest.net/user/xtemos
|
| Found By: Urls In Homepage (Passive Detection)
|
| [31m[!][0m 6 vulnerabilities identified:
|
| [31m[!][0m Title: WoodMart < 8.0.4 - Unauthenticated Arbitrary Shortcode Execution
|     Fixed in: 8.0.4
|     References:
|      - https://wpscan.com/vulnerability/d57ddc55-fbe2-42c0-b60f-af617990eafb
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12333
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538
|
| [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Local File Inclusion
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/2bb93e73-c9a5-455d-88ec-9b25f78c15d1
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6746
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c
|
| [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/4aa65ebe-a9be-4ce1-a55b-6c9fab7af20c
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6743
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc
|
| [31m[!][0m Title: Woodmart < 8.2.4 - Unauthenticated Arbitrary Shortcode Execution
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/db674a0e-2277-46cc-a11a-d3b6b59678df
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6744
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e
|
| [31m[!][0m Title: WoodMart < 8.2.6 - Unauthenticated Post Disclosure
|     Fixed in: 8.2.6
|     References:
|      - https://wpscan.com/vulnerability/dae804ef-a25d-48e5-9ed8-537ae9c3efe2
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6745
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11
|
| [31m[!][0m Title: WoodMart < 8.2.7 - Unauthenticated Cart Manipulation
|     Fixed in: 8.2.7
|     References:
|      - https://wpscan.com/vulnerability/1e03e3ca-39aa-4d5a-ab15-3be06872736e
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8097
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b
|
| Version: 7.4.3 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://samokat56.ru/wp-content/themes/woodmart/style.css, Match: 'Version: 7.4.3'

[32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:01:31
Checking Config Backups - Time: 00:00:00 <    > (2 / 137)  1.45%  ETA: 00:00:54
Checking Config Backups - Time: 00:00:01 <    > (3 / 137)  2.18%  ETA: 00:01:18
Checking Config Backups - Time: 00:00:02 <    > (4 / 137)  2.91%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:03 <    > (5 / 137)  3.64%  ETA: 00:01:25
Checking Config Backups - Time: 00:00:03 <    > (6 / 137)  4.37%  ETA: 00:01:25
Checking Config Backups - Time: 00:00:04 <    > (7 / 137)  5.10%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:05 <    > (8 / 137)  5.83%  ETA: 00:01:25
Checking Config Backups - Time: 00:00:05 <    > (9 / 137)  6.56%  ETA: 00:01:25
Checking Config Backups - Time: 00:00:06 <   > (10 / 137)  7.29%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:07 <   > (11 / 137)  8.02%  ETA: 00:01:25
Checking Config Backups - Time: 00:00:08 <   > (12 / 137)  8.75%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:08 <   > (13 / 137)  9.48%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:09 <   > (14 / 137) 10.21%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:10 <   > (15 / 137) 10.94%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:10 <   > (16 / 137) 11.67%  ETA: 00:01:20
Checking Config Backups - Time: 00:00:10 <   > (17 / 137) 12.40%  ETA: 00:01:16
Checking Config Backups - Time: 00:00:11 <   > (18 / 137) 13.13%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:11 <   > (19 / 137) 13.86%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:12 <   > (20 / 137) 14.59%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:13 <   > (21 / 137) 15.32%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:14 <   > (22 / 137) 16.05%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:14 <   > (23 / 137) 16.78%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:15 <   > (24 / 137) 17.51%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:16 <   > (25 / 137) 18.24%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:17 <   > (26 / 137) 18.97%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:18 <   > (27 / 137) 19.70%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:18 <   > (28 / 137) 20.43%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:19 <   > (29 / 137) 21.16%  ETA: 00:01:13
Checking Config Backups - Time: 00:00:20 <   > (30 / 137) 21.89%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:21 <   > (31 / 137) 22.62%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:22 <   > (32 / 137) 23.35%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:23 <   > (33 / 137) 24.08%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:24 <   > (34 / 137) 24.81%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:24 <   > (35 / 137) 25.54%  ETA: 00:01:13
Checking Config Backups - Time: 00:00:25 <   > (36 / 137) 26.27%  ETA: 00:01:12
Checking Config Backups - Time: 00:00:27 <   > (37 / 137) 27.00%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:28 <   > (38 / 137) 27.73%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:28 <   > (39 / 137) 28.46%  ETA: 00:01:13
Checking Config Backups - Time: 00:00:29 <   > (40 / 137) 29.19%  ETA: 00:01:12
Checking Config Backups - Time: 00:00:30 <   > (41 / 137) 29.92%  ETA: 00:01:11
Checking Config Backups - Time: 00:00:31 <   > (42 / 137) 30.65%  ETA: 00:01:11
Checking Config Backups - Time: 00:00:31 <   > (43 / 137) 31.38%  ETA: 00:01:10
Checking Config Backups - Time: 00:00:32 <   > (44 / 137) 32.11%  ETA: 00:01:09
Checking Config Backups - Time: 00:00:33 <   > (45 / 137) 32.84%  ETA: 00:01:08
Checking Config Backups - Time: 00:00:33 <   > (46 / 137) 33.57%  ETA: 00:01:07
Checking Config Backups - Time: 00:00:34 <=  > (47 / 137) 34.30%  ETA: 00:01:06
Checking Config Backups - Time: 00:00:35 <=  > (48 / 137) 35.03%  ETA: 00:01:05
Checking Config Backups - Time: 00:00:35 <=  > (49 / 137) 35.76%  ETA: 00:01:04
Checking Config Backups - Time: 00:00:36 <=  > (50 / 137) 36.49%  ETA: 00:01:04
Checking Config Backups - Time: 00:00:37 <=  > (51 / 137) 37.22%  ETA: 00:01:03
Checking Config Backups - Time: 00:00:37 <=  > (52 / 137) 37.95%  ETA: 00:01:02
Checking Config Backups - Time: 00:00:38 <=  > (53 / 137) 38.68%  ETA: 00:01:01
Checking Config Backups - Time: 00:00:39 <=  > (54 / 137) 39.41%  ETA: 00:01:01
Checking Config Backups - Time: 00:00:40 <=  > (55 / 137) 40.14%  ETA: 00:01:00
Checking Config Backups - Time: 00:00:40 <=  > (56 / 137) 40.87%  ETA: 00:00:59
Checking Config Backups - Time: 00:00:41 <=  > (57 / 137) 41.60%  ETA: 00:00:58
Checking Config Backups - Time: 00:00:42 <=  > (58 / 137) 42.33%  ETA: 00:00:58
Checking Config Backups - Time: 00:00:42 <=  > (59 / 137) 43.06%  ETA: 00:00:57
Checking Config Backups - Time: 00:00:43 <=  > (60 / 137) 43.79%  ETA: 00:00:56
Checking Config Backups - Time: 00:00:44 <=  > (61 / 137) 44.52%  ETA: 00:00:55
Checking Config Backups - Time: 00:00:44 <=  > (62 / 137) 45.25%  ETA: 00:00:54
Checking Config Backups - Time: 00:00:44 <=  > (63 / 137) 45.98%  ETA: 00:00:53
Checking Config Backups - Time: 00:00:44 <=  > (64 / 137) 46.71%  ETA: 00:00:51
Checking Config Backups - Time: 00:00:45 <=  > (65 / 137) 47.44%  ETA: 00:00:50
Checking Config Backups - Time: 00:00:45 <=  > (66 / 137) 48.17%  ETA: 00:00:49
Checking Config Backups - Time: 00:00:45 <=  > (67 / 137) 48.90%  ETA: 00:00:48
Checking Config Backups - Time: 00:00:45 <=  > (68 / 137) 49.63%  ETA: 00:00:46
Checking Config Backups - Time: 00:00:45 <=  > (69 / 137) 50.36%  ETA: 00:00:45
Checking Config Backups - Time: 00:00:45 <=  > (70 / 137) 51.09%  ETA: 00:00:44
Checking Config Backups - Time: 00:00:46 <=  > (71 / 137) 51.82%  ETA: 00:00:43
Checking Config Backups - Time: 00:00:46 <=  > (72 / 137) 52.55%  ETA: 00:00:42
Checking Config Backups - Time: 00:00:46 <=  > (73 / 137) 53.28%  ETA: 00:00:41
Checking Config Backups - Time: 00:00:46 <=  > (74 / 137) 54.01%  ETA: 00:00:40
Checking Config Backups - Time: 00:00:46 <=  > (75 / 137) 54.74%  ETA: 00:00:39
Checking Config Backups - Time: 00:00:46 <=  > (76 / 137) 55.47%  ETA: 00:00:38
Checking Config Backups - Time: 00:00:47 <=  > (77 / 137) 56.20%  ETA: 00:00:37
Checking Config Backups - Time: 00:00:47 <=  > (78 / 137) 56.93%  ETA: 00:00:36
Checking Config Backups - Time: 00:00:47 <=  > (79 / 137) 57.66%  ETA: 00:00:35
Checking Config Backups - Time: 00:00:47 <=  > (80 / 137) 58.39%  ETA: 00:00:34
Checking Config Backups - Time: 00:00:47 <=  > (81 / 137) 59.12%  ETA: 00:00:33
Checking Config Backups - Time: 00:00:47 <=  > (82 / 137) 59.85%  ETA: 00:00:32
Checking Config Backups - Time: 00:00:48 <=  > (83 / 137) 60.58%  ETA: 00:00:31
Checking Config Backups - Time: 00:00:48 <=  > (84 / 137) 61.31%  ETA: 00:00:31
Checking Config Backups - Time: 00:00:48 <=  > (85 / 137) 62.04%  ETA: 00:00:30
Checking Config Backups - Time: 00:00:48 <=  > (86 / 137) 62.77%  ETA: 00:00:29
Checking Config Backups - Time: 00:00:48 <=  > (87 / 137) 63.50%  ETA: 00:00:28
Checking Config Backups - Time: 00:00:49 <=  > (88 / 137) 64.23%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:49 <=  > (89 / 137) 64.96%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:49 <=  > (90 / 137) 65.69%  ETA: 00:00:26
Checking Config Backups - Time: 00:00:49 <=  > (91 / 137) 66.42%  ETA: 00:00:25
Checking Config Backups - Time: 00:00:49 <== > (92 / 137) 67.15%  ETA: 00:00:24
Checking Config Backups - Time: 00:00:49 <== > (93 / 137) 67.88%  ETA: 00:00:24
Checking Config Backups - Time: 00:00:50 <== > (94 / 137) 68.61%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:50 <== > (95 / 137) 69.34%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:50 <== > (96 / 137) 70.07%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:51 <== > (97 / 137) 70.80%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:51 <== > (98 / 137) 71.53%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:52 <== > (99 / 137) 72.26%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:52 <= > (100 / 137) 72.99%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:52 <= > (101 / 137) 73.72%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:53 <= > (102 / 137) 74.45%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:53 <= > (103 / 137) 75.18%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:53 <= > (104 / 137) 75.91%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:53 <= > (105 / 137) 76.64%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:53 <= > (106 / 137) 77.37%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:53 <= > (107 / 137) 78.10%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:54 <= > (108 / 137) 78.83%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:54 <= > (109 / 137) 79.56%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:54 <= > (110 / 137) 80.29%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:54 <= > (111 / 137) 81.02%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:54 <= > (112 / 137) 81.75%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:54 <= > (113 / 137) 82.48%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:55 <= > (114 / 137) 83.21%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:55 <= > (115 / 137) 83.94%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:56 <= > (116 / 137) 84.67%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:57 <= > (117 / 137) 85.40%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:57 <= > (118 / 137) 86.13%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:58 <= > (119 / 137) 86.86%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:59 <= > (120 / 137) 87.59%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:59 <= > (121 / 137) 88.32%  ETA: 00:00:08
Checking Config Backups - Time: 00:01:00 <= > (122 / 137) 89.05%  ETA: 00:00:08
Checking Config Backups - Time: 00:01:01 <= > (123 / 137) 89.78%  ETA: 00:00:07
Checking Config Backups - Time: 00:01:02 <= > (124 / 137) 90.51%  ETA: 00:00:07
Checking Config Backups - Time: 00:01:03 <= > (125 / 137) 91.24%  ETA: 00:00:06
Checking Config Backups - Time: 00:01:04 <= > (126 / 137) 91.97%  ETA: 00:00:06
Checking Config Backups - Time: 00:01:04 <= > (127 / 137) 92.70%  ETA: 00:00:05
Checking Config Backups - Time: 00:01:05 <= > (128 / 137) 93.43%  ETA: 00:00:05
Checking Config Backups - Time: 00:01:06 <= > (129 / 137) 94.16%  ETA: 00:00:04
Checking Config Backups - Time: 00:01:07 <= > (130 / 137) 94.89%  ETA: 00:00:04
Checking Config Backups - Time: 00:01:07 <= > (131 / 137) 95.62%  ETA: 00:00:03
Checking Config Backups - Time: 00:01:08 <= > (132 / 137) 96.35%  ETA: 00:00:03
Checking Config Backups - Time: 00:01:09 <= > (133 / 137) 97.08%  ETA: 00:00:02
Checking Config Backups - Time: 00:01:09 <= > (134 / 137) 97.81%  ETA: 00:00:02
Checking Config Backups - Time: 00:01:10 <= > (135 / 137) 98.54%  ETA: 00:00:01
Checking Config Backups - Time: 00:01:11 <= > (136 / 137) 99.27%  ETA: 00:00:01
Checking Config Backups - Time: 00:01:12 <=> (137 / 137) 100.00% Time: 00:01:12

[34m[i][0m No Config Backups Found.

[32m[+][0m WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 0
| Requests Remaining: 12

[32m[+][0m Finished: Sun Aug 24 13:33:22 2025
[32m[+][0m Requests Done: 142
[32m[+][0m Cached Requests: 41
[32m[+][0m Data Sent: 38.288 KB
[32m[+][0m Data Received: 128.871 KB
[32m[+][0m Memory used: 189.191 MB
[32m[+][0m Elapsed time: 00:01:16

August 24, 2025 13:28 #4fd9

~$ wpscan --url https://samokat56.ru \ --enumerate u \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***7af7

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[32m[+][0m URL: https://samokat56.ru/ [45.130.41.110]
[32m[+][0m Started: Sun Aug 24 13:28:28 2025

Interesting Finding(s):

[32m[+][0m Headers
| Interesting Entries:
|  - server: nginx-reuseport/1.21.1
|  - x-powered-by: PHP/8.2.28
| Found By: Headers (Passive Detection)
| Confidence: 100%

[32m[+][0m robots.txt found: https://samokat56.ru/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/
|  - /wp-content/uploads/woocommerce_transient_files/
|  - /wp-content/uploads/woocommerce_uploads/
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[32m[+][0m XML-RPC seems to be enabled: https://samokat56.ru/xmlrpc.php
| Found By: Link Tag (Passive Detection)
| Confidence: 30%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[32m[+][0m WordPress readme found: https://samokat56.ru/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[32m[+][0m The external WP-Cron seems to be enabled: https://samokat56.ru/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[32m[+][0m WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
| Found By: Rss Generator (Passive Detection)
|  - https://samokat56.ru/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
|  - https://samokat56.ru/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

[32m[+][0m WordPress theme in use: woodmart
| Location: https://samokat56.ru/wp-content/themes/woodmart/
| Last Updated: 2025-07-24T18:48:59.000Z
| [33m[!][0m The version is out of date, the latest version is 8.2.7
| Style URL: https://samokat56.ru/wp-content/themes/woodmart/style.css
| Style Name: Woodmart
| Style URI: https://woodmart.xtemos.com/
| Description: ThemeForest Premium Theme...
| Author: XTemos
| Author URI: http://themeforest.net/user/xtemos
|
| Found By: Urls In Homepage (Passive Detection)
|
| [31m[!][0m 6 vulnerabilities identified:
|
| [31m[!][0m Title: WoodMart < 8.0.4 - Unauthenticated Arbitrary Shortcode Execution
|     Fixed in: 8.0.4
|     References:
|      - https://wpscan.com/vulnerability/d57ddc55-fbe2-42c0-b60f-af617990eafb
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12333
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538
|
| [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Local File Inclusion
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/2bb93e73-c9a5-455d-88ec-9b25f78c15d1
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6746
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c1363e-b25d-46fc-b6bf-0285a37f748c
|
| [31m[!][0m Title: WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/4aa65ebe-a9be-4ce1-a55b-6c9fab7af20c
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6743
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b881509-572b-4e2d-9e75-defaa2cc32dc
|
| [31m[!][0m Title: Woodmart < 8.2.4 - Unauthenticated Arbitrary Shortcode Execution
|     Fixed in: 8.2.4
|     References:
|      - https://wpscan.com/vulnerability/db674a0e-2277-46cc-a11a-d3b6b59678df
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6744
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd056d29-3bd9-49e4-bcc4-fa487de8a27e
|
| [31m[!][0m Title: WoodMart < 8.2.6 - Unauthenticated Post Disclosure
|     Fixed in: 8.2.6
|     References:
|      - https://wpscan.com/vulnerability/dae804ef-a25d-48e5-9ed8-537ae9c3efe2
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6745
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/3408895e-3418-4f70-8b7c-76f6ba899d11
|
| [31m[!][0m Title: WoodMart < 8.2.7 - Unauthenticated Cart Manipulation
|     Fixed in: 8.2.7
|     References:
|      - https://wpscan.com/vulnerability/1e03e3ca-39aa-4d5a-ab15-3be06872736e
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8097
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/b030aa28-5310-4f69-8b86-7e0b0bae741b
|
| Version: 7.4.3 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://samokat56.ru/wp-content/themes/woodmart/style.css, Match: 'Version: 7.4.3'

[32m[+][0m Enumerating Users (via Passive and Aggressive Methods)

Brute Forcing Author IDs - Time: 00:00:00 <    > (0 / 10)  0.00%  ETA: ??:??:??
Brute Forcing Author IDs - Time: 00:00:01 <    > (1 / 10) 10.00%  ETA: 00:00:13
Brute Forcing Author IDs - Time: 00:00:06 <    > (2 / 10) 20.00%  ETA: 00:00:27
Brute Forcing Author IDs - Time: 00:00:10 <=   > (3 / 10) 30.00%  ETA: 00:00:27
Brute Forcing Author IDs - Time: 00:00:15 <=   > (4 / 10) 40.00%  ETA: 00:00:24
Brute Forcing Author IDs - Time: 00:00:20 <==  > (5 / 10) 50.00%  ETA: 00:00:22
Brute Forcing Author IDs - Time: 00:00:25 <==  > (6 / 10) 60.00%  ETA: 00:00:18
Brute Forcing Author IDs - Time: 00:00:30 <==  > (7 / 10) 70.00%  ETA: 00:00:14
Brute Forcing Author IDs - Time: 00:00:35 <=== > (8 / 10) 80.00%  ETA: 00:00:10
Brute Forcing Author IDs - Time: 00:00:40 <=== > (9 / 10) 90.00%  ETA: 00:00:05
Brute Forcing Author IDs - Time: 00:00:45 <==> (10 / 10) 100.00% Time: 00:00:45

[34m[i][0m User(s) Identified:

[32m[+][0m allanbenston
| Found By: Wp Json Api (Aggressive Detection)
|  - https://samokat56.ru/wp-json/wp/v2/users/?per_page=100&page=1
| Confirmed By:
|  Oembed API - Author URL (Aggressive Detection)
|   - https://samokat56.ru/wp-json/oembed/1.0/embed?url=https://samokat56.ru/&format=json
|  Yoast Seo Author Sitemap (Aggressive Detection)
|   - https://samokat56.ru/author-sitemap.xml
|  Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[32m[+][0m WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 2
| Requests Remaining: 12

[32m[+][0m Finished: Sun Aug 24 13:29:46 2025
[32m[+][0m Requests Done: 66
[32m[+][0m Cached Requests: 7
[32m[+][0m Data Sent: 20.322 KB
[32m[+][0m Data Received: 9.811 MB
[32m[+][0m Memory used: 267.688 MB
[32m[+][0m Elapsed time: 00:01:18

August 24, 2025 13:26 #4fd9

~$ wpscan --url https://samokat56.ru \ --enumerate up,pv,t,tv,cb,dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***7d55

August 24, 2025 13:25 #4fd9

~$ wpscan --url https://samokat56.ru \ --enumerate u,p,pv,t,tv,cb,dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***b679

August 24, 2025 13:22 #4fd9

~$ wpscan --url https://samokat56.ru \ --enumerate u,p,pv,t,tv,cb,dbe \ --api-token 3hJMhxrXmu3nsaJvYrwTF0dpn7ed5bBOtnmJY5JQLxU \ --disable-tls-checks \ --throttle 1 completed Task ID: ***0b46

August 20, 2025 18:13 #0997

~$ wpscan --api-token VomZnkzrarZkodcAswMHIRs0T58m5FuahxWMhfj3hYI --url duty-free.cc completed Task ID: ***e9c4

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[32m[+][0m URL: https://duty-free.cc/ [186.2.165.90]
[32m[+][0m Started: Wed Aug 20 18:14:02 2025

Interesting Finding(s):

[32m[+][0m Headers
| Interesting Entries:
|  - server: ddos-guard
|  - content-security-policy: upgrade-insecure-requests;
|  - x-powered-by: PHP/8.3.16
| Found By: Headers (Passive Detection)
| Confidence: 100%

[32m[+][0m robots.txt found: https://duty-free.cc/robots.txt
| Interesting Entries:
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[32m[+][0m XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[32m[+][0m WordPress readme found: https://duty-free.cc/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[32m[+][0m The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[32m[+][0m WordPress version 6.7.1 identified (Outdated, released on 2024-11-21).
| Found By: Rss Generator (Passive Detection)
|  - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.7.1</generator>
|  - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.7.1</generator>

[32m[+][0m WordPress theme in use: dute-free
| Location: https://duty-free.cc/wp-content/themes/dute-free/
| Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt
| Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0
| Style Name: duty-free
| Style URI: #
| Description: Description...
| Author: Zeaz-pixel
| Author URI: https://nostudio.site
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 1.0.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0'

[32m[+][0m Enumerating All Plugins (via Passive Methods)

[34m[i][0m No plugins Found.

[32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:00:54
Checking Config Backups - Time: 00:00:00 <    > (2 / 137)  1.45%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:00 <    > (4 / 137)  2.91%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:00 <    > (6 / 137)  4.37%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:00 <    > (9 / 137)  6.56%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:00 <   > (11 / 137)  8.02%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (13 / 137)  9.48%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (14 / 137) 10.21%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (15 / 137) 10.94%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (16 / 137) 11.67%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (17 / 137) 12.40%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (18 / 137) 13.13%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (19 / 137) 13.86%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (20 / 137) 14.59%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (21 / 137) 15.32%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (22 / 137) 16.05%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (24 / 137) 17.51%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (25 / 137) 18.24%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (26 / 137) 18.97%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (27 / 137) 19.70%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (29 / 137) 21.16%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (30 / 137) 21.89%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (31 / 137) 22.62%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (32 / 137) 23.35%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (34 / 137) 24.81%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (35 / 137) 25.54%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (36 / 137) 26.27%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (37 / 137) 27.00%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (39 / 137) 28.46%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (40 / 137) 29.19%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <   > (41 / 137) 29.92%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (42 / 137) 30.65%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <   > (44 / 137) 32.11%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <   > (46 / 137) 33.57%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (47 / 137) 34.30%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (49 / 137) 35.76%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (51 / 137) 37.22%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (53 / 137) 38.68%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (54 / 137) 39.41%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (56 / 137) 40.87%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:01 <=  > (59 / 137) 43.06%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (61 / 137) 44.52%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (64 / 137) 46.71%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (66 / 137) 48.17%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (69 / 137) 50.36%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (71 / 137) 51.82%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (74 / 137) 54.01%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (76 / 137) 55.47%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (79 / 137) 57.66%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (81 / 137) 59.12%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (84 / 137) 61.31%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (86 / 137) 62.77%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (89 / 137) 64.96%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:02 <=  > (91 / 137) 66.42%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <== > (94 / 137) 68.61%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <== > (96 / 137) 70.07%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <== > (99 / 137) 72.26%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (101 / 137) 73.72%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (104 / 137) 75.91%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (106 / 137) 77.37%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (109 / 137) 79.56%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (111 / 137) 81.02%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (114 / 137) 83.21%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (119 / 137) 86.86%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (124 / 137) 90.51%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:03 <= > (126 / 137) 91.97%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (129 / 137) 94.16%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (130 / 137) 94.89%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04

[34m[i][0m No Config Backups Found.

[32m[+][0m WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 2
| Requests Remaining: 23

[32m[+][0m Finished: Wed Aug 20 18:14:14 2025
[32m[+][0m Requests Done: 143
[32m[+][0m Cached Requests: 38
[32m[+][0m Data Sent: 49.506 KB
[32m[+][0m Data Received: 114.714 KB
[32m[+][0m Memory used: 283.805 MB
[32m[+][0m Elapsed time: 00:00:11

August 20, 2025 18:11 #0997

~$ wpscan --url duty-free.cc completed Task ID: ***4411

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[32m[+][0m URL: https://duty-free.cc/ [186.2.165.90]
[32m[+][0m Started: Wed Aug 20 18:12:01 2025

Interesting Finding(s):

[32m[+][0m Headers
| Interesting Entries:
|  - server: ddos-guard
|  - content-security-policy: upgrade-insecure-requests;
|  - x-powered-by: PHP/8.3.16
| Found By: Headers (Passive Detection)
| Confidence: 100%

[32m[+][0m robots.txt found: https://duty-free.cc/robots.txt
| Interesting Entries:
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[32m[+][0m XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[32m[+][0m WordPress readme found: https://duty-free.cc/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[32m[+][0m The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[32m[+][0m WordPress version 6.7.1 identified (Outdated, released on 2024-11-21).
| Found By: Rss Generator (Passive Detection)
|  - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.7.1</generator>
|  - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.7.1</generator>

[32m[+][0m WordPress theme in use: dute-free
| Location: https://duty-free.cc/wp-content/themes/dute-free/
| Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt
| Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0
| Style Name: duty-free
| Style URI: #
| Description: Description...
| Author: Zeaz-pixel
| Author URI: https://nostudio.site
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 1.0.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0'

[32m[+][0m Enumerating All Plugins (via Passive Methods)

[34m[i][0m No plugins Found.

[32m[+][0m Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:00:52
Checking Config Backups - Time: 00:00:00 <    > (2 / 137)  1.45%  ETA: 00:00:27
Checking Config Backups - Time: 00:00:00 <    > (4 / 137)  2.91%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:00 <    > (5 / 137)  3.64%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:00 <    > (6 / 137)  4.37%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:00 <    > (7 / 137)  5.10%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:00 <    > (9 / 137)  6.56%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:00 <   > (10 / 137)  7.29%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (11 / 137)  8.02%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (13 / 137)  9.48%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (15 / 137) 10.94%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (16 / 137) 11.67%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (17 / 137) 12.40%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (18 / 137) 13.13%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (20 / 137) 14.59%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (21 / 137) 15.32%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (22 / 137) 16.05%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (23 / 137) 16.78%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (24 / 137) 17.51%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (25 / 137) 18.24%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (26 / 137) 18.97%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (27 / 137) 19.70%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (28 / 137) 20.43%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (29 / 137) 21.16%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (31 / 137) 22.62%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (33 / 137) 24.08%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (34 / 137) 24.81%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (36 / 137) 26.27%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (37 / 137) 27.00%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (41 / 137) 29.92%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (44 / 137) 32.11%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (45 / 137) 32.84%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <   > (46 / 137) 33.57%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <=  > (49 / 137) 35.76%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (51 / 137) 37.22%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (54 / 137) 39.41%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (56 / 137) 40.87%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (59 / 137) 43.06%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (61 / 137) 44.52%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (64 / 137) 46.71%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (66 / 137) 48.17%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (69 / 137) 50.36%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (71 / 137) 51.82%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (74 / 137) 54.01%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (76 / 137) 55.47%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (79 / 137) 57.66%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (81 / 137) 59.12%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (84 / 137) 61.31%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (86 / 137) 62.77%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (89 / 137) 64.96%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (91 / 137) 66.42%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (94 / 137) 68.61%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (96 / 137) 70.07%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (99 / 137) 72.26%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (101 / 137) 73.72%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (104 / 137) 75.91%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (106 / 137) 77.37%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (109 / 137) 79.56%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (111 / 137) 81.02%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (114 / 137) 83.21%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (119 / 137) 86.86%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (124 / 137) 90.51%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (126 / 137) 91.97%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (129 / 137) 94.16%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (130 / 137) 94.89%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04

[34m[i][0m No Config Backups Found.

[33m[!][0m No WPScan API Token given, as a result vulnerability data has not been output.
[33m[!][0m You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[32m[+][0m Finished: Wed Aug 20 18:12:17 2025
[32m[+][0m Requests Done: 171
[32m[+][0m Cached Requests: 6
[32m[+][0m Data Sent: 60.246 KB
[32m[+][0m Data Received: 423.346 KB
[32m[+][0m Memory used: 279.219 MB
[32m[+][0m Elapsed time: 00:00:16