Activity Log

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://duty-free.cc/ [186.2.165.90]
[+] Started: Wed Aug 20 17:34:38 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: ddos-guard
|  - content-security-policy: upgrade-insecure-requests;
|  - x-powered-by: PHP/8.3.16
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://duty-free.cc/robots.txt
| Interesting Entries:
|  - /wp-admin/
|  - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://duty-free.cc/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://duty-free.cc/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://duty-free.cc/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.7.1 identified (Outdated, released on 2024-11-21).
| Found By: Rss Generator (Passive Detection)
|  - https://duty-free.cc/feed/, <generator>https://wordpress.org/?v=6.7.1</generator>
|  - https://duty-free.cc/comments/feed/, <generator>https://wordpress.org/?v=6.7.1</generator>

[+] WordPress theme in use: dute-free
| Location: https://duty-free.cc/wp-content/themes/dute-free/
| Readme: https://duty-free.cc/wp-content/themes/dute-free/readme.txt
| Style URL: https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0
| Style Name: duty-free
| Style URI: #
| Description: Description...
| Author: Zeaz-pixel
| Author URI: https://nostudio.site
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 1.0.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://duty-free.cc/wp-content/themes/dute-free/style.css?ver=1.0.0, Match: 'Version: 1.0.0'

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:00:51
Checking Config Backups - Time: 00:00:00 <    > (2 / 137)  1.45%  ETA: 00:00:26
Checking Config Backups - Time: 00:00:00 <    > (4 / 137)  2.91%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:00 <    > (6 / 137)  4.37%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:00 <    > (7 / 137)  5.10%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:00 <    > (9 / 137)  6.56%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:00 <   > (11 / 137)  8.02%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <   > (13 / 137)  9.48%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (14 / 137) 10.21%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (16 / 137) 11.67%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (17 / 137) 12.40%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:00 <   > (18 / 137) 13.13%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (19 / 137) 13.86%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (21 / 137) 15.32%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (23 / 137) 16.78%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:00 <   > (24 / 137) 17.51%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (26 / 137) 18.97%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <   > (28 / 137) 20.43%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (29 / 137) 21.16%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (30 / 137) 21.89%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (31 / 137) 22.62%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (33 / 137) 24.08%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (34 / 137) 24.81%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (35 / 137) 25.54%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (36 / 137) 26.27%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:01 <   > (37 / 137) 27.00%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (41 / 137) 29.92%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:02 <   > (44 / 137) 32.11%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <   > (45 / 137) 32.84%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <   > (46 / 137) 33.57%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (49 / 137) 35.76%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (50 / 137) 36.49%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (51 / 137) 37.22%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (54 / 137) 39.41%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (56 / 137) 40.87%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:02 <=  > (59 / 137) 43.06%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (61 / 137) 44.52%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (64 / 137) 46.71%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (66 / 137) 48.17%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (69 / 137) 50.36%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (71 / 137) 51.82%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:02 <=  > (74 / 137) 54.01%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (76 / 137) 55.47%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:03 <=  > (80 / 137) 58.39%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (81 / 137) 59.12%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (86 / 137) 62.77%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (90 / 137) 65.69%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <=  > (91 / 137) 66.42%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (95 / 137) 69.34%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <== > (96 / 137) 70.07%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:03 <= > (100 / 137) 72.99%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (101 / 137) 73.72%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:03 <= > (104 / 137) 75.91%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (106 / 137) 77.37%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (109 / 137) 79.56%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (111 / 137) 81.02%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (114 / 137) 83.21%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (119 / 137) 86.86%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:04 <= > (124 / 137) 90.51%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (126 / 137) 91.97%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (129 / 137) 94.16%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (130 / 137) 94.89%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:04 <=> (137 / 137) 100.00% Time: 00:00:04

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Wed Aug 20 17:34:54 2025
[+] Requests Done: 171
[+] Cached Requests: 6
[+] Data Sent: 59.395 KB
[+] Data Received: 423.463 KB
[+] Memory used: 297.277 MB
[+] Elapsed time: 00:00:15

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N][?2004h▽
Scan Aborted: SIGTERM
Trace: /usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `getc'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `block (2 levels) in cursor_pos'
<internal:kernel>:187:in `loop'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:255:in `block in cursor_pos'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `cursor_pos'
/usr/lib/ruby/3.3.0/reline.rb:424:in `may_req_ambiguous_char_width'
/usr/lib/ruby/3.3.0/reline.rb:310:in `inner_readline'
/usr/lib/ruby/3.3.0/reline.rb:280:in `block (2 levels) in readline'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `block in with_raw_input'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `with_raw_input'
/usr/lib/ruby/3.3.0/reline.rb:279:in `block in readline'
/usr/lib/ruby/3.3.0/reline.rb:278:in `synchronize'
/usr/lib/ruby/3.3.0/reline.rb:278:in `readline'
/usr/lib/ruby/3.3.0/forwardable.rb:240:in `readline'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:42:in `update_db_required?'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:57:in `before_scan'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `block in run'
/usr/lib/ruby/3.3.0/timeout.rb:170:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'

[*] std: Performing General Enumeration against: btc.viabtc.io...
[-] DNSSEC is not configured for btc.viabtc.io
[*] 	 SOA brenda.ns.cloudflare.com 172.64.32.77
[*] 	 SOA brenda.ns.cloudflare.com 173.245.58.77
[*] 	 SOA brenda.ns.cloudflare.com 108.162.192.77
[*] 	 SOA brenda.ns.cloudflare.com 2606:4700:50::adf5:3a4d
[*] 	 SOA brenda.ns.cloudflare.com 2a06:98c1:50::ac40:204d
[*] 	 SOA brenda.ns.cloudflare.com 2803:f800:50::6ca2:c04d
[*] 	 CNAME btc.viabtc.io 2cddb48050f840aba73f826849829d84.pacloudflare.com
[*] 	 A 2cddb48050f840aba73f826849829d84.pacloudflare.com 172.65.24.253
[*] Enumerating SRV Records
[-] No SRV Records Found for btc.viabtc.io

Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-13 15:56 UTC
Nmap scan report for ip-00d1.rusanovka-net.kiev.ua (94.244.0.209)
Host is up (0.14s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE    SERVICE
25/tcp filtered smtp

Nmap done: 1 IP address (1 host up) scanned in 14.10 seconds

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N][?2004h▽
Scan Aborted: SIGTERM
Trace: /usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `getc'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `block (2 levels) in cursor_pos'
<internal:kernel>:187:in `loop'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:255:in `block in cursor_pos'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `cursor_pos'
/usr/lib/ruby/3.3.0/reline.rb:424:in `may_req_ambiguous_char_width'
/usr/lib/ruby/3.3.0/reline.rb:310:in `inner_readline'
/usr/lib/ruby/3.3.0/reline.rb:280:in `block (2 levels) in readline'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `block in with_raw_input'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `with_raw_input'
/usr/lib/ruby/3.3.0/reline.rb:279:in `block in readline'
/usr/lib/ruby/3.3.0/reline.rb:278:in `synchronize'
/usr/lib/ruby/3.3.0/reline.rb:278:in `readline'
/usr/lib/ruby/3.3.0/forwardable.rb:240:in `readline'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:42:in `update_db_required?'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:57:in `before_scan'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `block in run'
/usr/lib/ruby/3.3.0/timeout.rb:170:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N][?2004h▽
Scan Aborted: SIGTERM
Trace: /usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `getc'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `block (2 levels) in cursor_pos'
<internal:kernel>:187:in `loop'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:255:in `block in cursor_pos'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `cursor_pos'
/usr/lib/ruby/3.3.0/reline.rb:424:in `may_req_ambiguous_char_width'
/usr/lib/ruby/3.3.0/reline.rb:310:in `inner_readline'
/usr/lib/ruby/3.3.0/reline.rb:280:in `block (2 levels) in readline'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `block in with_raw_input'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `with_raw_input'
/usr/lib/ruby/3.3.0/reline.rb:279:in `block in readline'
/usr/lib/ruby/3.3.0/reline.rb:278:in `synchronize'
/usr/lib/ruby/3.3.0/reline.rb:278:in `readline'
/usr/lib/ruby/3.3.0/forwardable.rb:240:in `readline'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:42:in `update_db_required?'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:57:in `before_scan'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `block in run'
/usr/lib/ruby/3.3.0/timeout.rb:170:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N][?2004h▽
Scan Aborted: SIGTERM
Trace: /usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `getc'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `block (2 levels) in cursor_pos'
<internal:kernel>:187:in `loop'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:255:in `block in cursor_pos'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `cursor_pos'
/usr/lib/ruby/3.3.0/reline.rb:424:in `may_req_ambiguous_char_width'
/usr/lib/ruby/3.3.0/reline.rb:310:in `inner_readline'
/usr/lib/ruby/3.3.0/reline.rb:280:in `block (2 levels) in readline'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `block in with_raw_input'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `with_raw_input'
/usr/lib/ruby/3.3.0/reline.rb:279:in `block in readline'
/usr/lib/ruby/3.3.0/reline.rb:278:in `synchronize'
/usr/lib/ruby/3.3.0/reline.rb:278:in `readline'
/usr/lib/ruby/3.3.0/forwardable.rb:240:in `readline'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:42:in `update_db_required?'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:57:in `before_scan'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `block in run'
/usr/lib/ruby/3.3.0/timeout.rb:170:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

Usage: wpscan [options]
--url URL                                 The URL of the blog to scan
Allowed Protocols: http, https
Default Protocol if none provided: http
This option is mandatory unless update or help or hh or version is/are supplied
-h, --help                                    Display the simple help and exit
--hh                                      Display the full help and exit
--version                                 Display the version and exit
-v, --verbose                                 Verbose mode
--[no-]banner                             Whether or not to display the banner
Default: true
-o, --output FILE                             Output to FILE
-f, --format FORMAT                           Output results in the format supplied
Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode MODE                     Default: mixed
Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua                Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads VALUE                       The max threads to use
Default: 5
--throttle MilliSeconds                   Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
--request-timeout SECONDS                 The request timeout in seconds
Default: 60
--connect-timeout SECONDS                 The connection timeout in seconds
Default: 30
--disable-tls-checks                      Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port                Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string COOKIE                    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH                    File to read and write cookies
Default: /tmp/wpscan/cookie_jar.txt
--force                                   Do not check if the target is running WordPress or returns a 403
--[no-]update                             Whether or not to update the Database
--api-token TOKEN                         The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
--wp-content-dir DIR                      The wp-content directory if custom or not detected, such as "wp-content"
--wp-plugins-dir DIR                      The plugins directory if custom or not detected, such as "wp-content/plugins"
-e, --enumerate [OPTS]                        Enumeration Process
Available Choices:
vp   Vulnerable plugins
ap   All plugins
p    Popular plugins
vt   Vulnerable themes
at   All themes
t    Popular themes
tt   Timthumbs
cb   Config backups
dbe  Db exports
u    User IDs range. e.g: u1-5
Range separator to use: '-'
Value if no argument supplied: 1-10
m    Media IDs range. e.g m1-15
Note: Permalink setting must be set to "Plain" for those to be detected
Range separator to use: '-'
Value if no argument supplied: 1-100
Separator to use between the values: ','
Default: All Plugins, Config Backups
Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
Incompatible choices (only one of each group/s can be used):
- vp, ap, p
- vt, at, t
--exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
Both the headers and body are checked. Regexp delimiters are not required.
--plugins-detection MODE                  Use the supplied mode to enumerate Plugins.
Default: passive
Available choices: mixed, passive, aggressive
--plugins-version-detection MODE          Use the supplied mode to check plugins' versions.
Default: mixed
Available choices: mixed, passive, aggressive
--exclude-usernames REGEXP_OR_STRING      Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
If no --username/s option supplied, user enumeration will be run.
-U, --usernames LIST                          List of usernames to use during the password attack.
Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD         Maximum number of passwords to send by request with XMLRPC multicall
Default: 500
--password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
Multicall will only work against WP < 4.4
Available choices: wp-login, xmlrpc, xmlrpc-multicall
--login-uri URI                           The URI of the login page if different from /wp-login.php
--stealthy                                Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] To see full list of options use --hh.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed inside container.
[?] Do you want to update now? [Y]es [N]o, default: [N][?2004h▽
Scan Aborted: SIGTERM
Trace: /usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `getc'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:256:in `block (2 levels) in cursor_pos'
<internal:kernel>:187:in `loop'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:255:in `block in cursor_pos'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:252:in `cursor_pos'
/usr/lib/ruby/3.3.0/reline.rb:424:in `may_req_ambiguous_char_width'
/usr/lib/ruby/3.3.0/reline.rb:310:in `inner_readline'
/usr/lib/ruby/3.3.0/reline.rb:280:in `block (2 levels) in readline'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `block in with_raw_input'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `raw'
/usr/lib/ruby/3.3.0/reline/io/ansi.rb:164:in `with_raw_input'
/usr/lib/ruby/3.3.0/reline.rb:279:in `block in readline'
/usr/lib/ruby/3.3.0/reline.rb:278:in `synchronize'
/usr/lib/ruby/3.3.0/reline.rb:278:in `readline'
/usr/lib/ruby/3.3.0/forwardable.rb:240:in `readline'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:42:in `update_db_required?'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/app/controllers/core.rb:57:in `before_scan'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:46:in `block in run'
/usr/lib/ruby/3.3.0/timeout.rb:170:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/controllers.rb:45:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:17:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.15.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.8.28/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:25:in `load'
/usr/bin/wpscan:25:in `<main>'

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://xn--c1aow3c.xn--p1ai/ [82.202.165.238]
[+] Started: Sun Jul 20 17:35:49 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - Server: nginx/1.11.9
|  - X-Powered-By: PHP/8.1.12
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: http://xn--c1aow3c.xn--p1ai/robots.txt
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] WordPress readme found: http://xn--c1aow3c.xn--p1ai/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] Upload directory has listing enabled: http://xn--c1aow3c.xn--p1ai/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] WordPress version 6.5.3 identified (Insecure, released on 2024-05-07).
| Found By: Emoji Settings (Passive Detection)
|  - http://xn--c1aow3c.xn--p1ai/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=6.5.3'
| Confirmed By: Meta Generator (Passive Detection)
|  - http://xn--c1aow3c.xn--p1ai/, Match: 'WordPress 6.5.3'
|
| [!] 3 vulnerabilities identified:
|
| [!] Title: WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API
|     Fixed in: 6.5.5
|     References:
|      - https://wpscan.com/vulnerability/2c63f136-4c1f-4093-9a8c-5e51f19eae28
|      - https://wordpress.org/news/2024/06/wordpress-6-5-5/
|
| [!] Title: WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block
|     Fixed in: 6.5.5
|     References:
|      - https://wpscan.com/vulnerability/7c448f6d-4531-4757-bff0-be9e3220bbbb
|      - https://wordpress.org/news/2024/06/wordpress-6-5-5/
|
| [!] Title: WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block
|     Fixed in: 6.5.5
|     References:
|      - https://wpscan.com/vulnerability/36232787-754a-4234-83d6-6ded5e80251c
|      - https://wordpress.org/news/2024/06/wordpress-6-5-5/

[+] WordPress theme in use: ГАПОУ ТГЮК ild
| Location: http://xn--c1aow3c.xn--p1ai/wp-content/themes/%25D0%2593%25D0%2590%25D0%259F%25D0%259E%25D0%25A3%2520%25D0%25A2%25D0%2593%25D0%25AE%25D0%259A%2520ild/
| Style URL: http://xn--c1aow3c.xn--p1ai/wp-content/themes/%D0%93%D0%90%D0%9F%D0%9E%D0%A3%20%D0%A2%D0%93%D0%AE%D0%9A%20ild/style.css?ver=6.5.3
| Style Name: ГАПОУ ТГЮК тема
| Author: Шакиров Э.
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 1.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/themes/%D0%93%D0%90%D0%9F%D0%9E%D0%A3%20%D0%A2%D0%93%D0%AE%D0%9A%20ild/style.css?ver=6.5.3, Match: 'Version: 1.0'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] button-visually-impaired
| Location: http://xn--c1aow3c.xn--p1ai/wp-content/plugins/button-visually-impaired/
| Latest Version: 2.3.0 (up to date)
| Last Updated: 2021-09-01T15:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.3.0 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/button-visually-impaired/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/button-visually-impaired/readme.txt

[+] contact-form-7
| Location: http://xn--c1aow3c.xn--p1ai/wp-content/plugins/contact-form-7/
| Last Updated: 2025-06-26T09:17:00.000Z
| [!] The version is out of date, the latest version is 6.1
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Contact Form 7 < 6.0.6 - Order Replay Vulnerability
|     Fixed in: 6.0.6
|     References:
|      - https://wpscan.com/vulnerability/7dbafbe2-abbc-4191-a587-afa89c2f7421
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3247
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/38257dbf-288e-4028-af65-85f5389888ac
|
| Version: 5.9.5 (90% confidence)
| Found By: Query Parameter (Passive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9.5
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/contact-form-7/readme.txt

[+] simply-gallery-block
| Location: http://xn--c1aow3c.xn--p1ai/wp-content/plugins/simply-gallery-block/
| Last Updated: 2025-04-21T16:27:00.000Z
| [!] The version is out of date, the latest version is 3.2.6
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 3 vulnerabilities identified:
|
| [!] Title: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery < 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters
|     Fixed in: 3.2.2
|     References:
|      - https://wpscan.com/vulnerability/de3cac10-a38a-45c8-a7c0-d9a1bb5eace8
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5424
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e7bd708-2e82-4fef-85f2-bf4f56f66bc4
|
| [!] Title: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery < 3.2.4.3 - Authenticated (Editor+) Stored Cross-Site Scripting
|     Fixed in: 3.2.4.3
|     References:
|      - https://wpscan.com/vulnerability/680da841-63ec-4fa4-96bc-ee6e5326c241
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10034
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/89bd70b2-0b5f-4edb-890b-d291bdb8a851
|
| [!] Title: Gallery Blocks with Lightbox < 3.2.6 - Contributor+ Stored XSS
|     Fixed in: 3.2.6
|     References:
|      - https://wpscan.com/vulnerability/4d368571-49df-41ca-b2d8-dab1a522717e
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32176
|      - https://patchstack.com/database/wordpress/plugin/simply-gallery-block/vulnerability/wordpress-gallery-blocks-with-lightbox-plugin-3-2-5-stored-cross-site-scripting-xss-vulnerability
|
| Version: 3.2.1 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/simply-gallery-block/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/simply-gallery-block/readme.txt

[+] wordpress-seo
| Location: http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wordpress-seo/
| Last Updated: 2025-07-15T08:38:00.000Z
| [!] The version is out of date, the latest version is 25.5
|
| Found By: Comment (Passive Detection)
|
| Version: 22.7 (100% confidence)
| Found By: Comment (Passive Detection)
|  - http://xn--c1aow3c.xn--p1ai/, Match: 'optimized with the Yoast SEO plugin v22.7 -'
| Confirmed By:
|  Readme - Stable Tag (Aggressive Detection)
|   - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wordpress-seo/readme.txt
|  Readme - ChangeLog Section (Aggressive Detection)
|   - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wordpress-seo/readme.txt

[+] wp-featherlight
| Location: http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wp-featherlight/
| Latest Version: 1.3.4 (up to date)
| Last Updated: 2020-12-08T02:25:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library
|     References:
|      - https://wpscan.com/vulnerability/c12d2e0d-dc71-4eb4-8c91-a96dcdaf111f
|      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5667
|      - https://www.wordfence.com/threat-intel/vulnerabilities/id/44b173da-a6b9-424c-95a1-a87a9b8ee4af
|
| Version: 1.3.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wp-featherlight/css/wp-featherlight.min.css?ver=1.3.4
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wp-featherlight/js/wpFeatherlight.pkgd.min.js?ver=1.3.4
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
|  - http://xn--c1aow3c.xn--p1ai/wp-content/plugins/wp-featherlight/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:02:12
Checking Config Backups - Time: 00:00:05 <    > (2 / 137)  1.45%  ETA: 00:06:03
Checking Config Backups - Time: 00:00:05 <    > (3 / 137)  2.18%  ETA: 00:04:06
Checking Config Backups - Time: 00:00:06 <    > (6 / 137)  4.37%  ETA: 00:02:26
Checking Config Backups - Time: 00:00:07 <    > (7 / 137)  5.10%  ETA: 00:02:15
Checking Config Backups - Time: 00:00:07 <    > (8 / 137)  5.83%  ETA: 00:02:07
Checking Config Backups - Time: 00:00:08 <    > (9 / 137)  6.56%  ETA: 00:02:00
Checking Config Backups - Time: 00:00:08 <   > (10 / 137)  7.29%  ETA: 00:01:54
Checking Config Backups - Time: 00:00:09 <   > (11 / 137)  8.02%  ETA: 00:01:50
Checking Config Backups - Time: 00:00:10 <   > (12 / 137)  8.75%  ETA: 00:01:46
Checking Config Backups - Time: 00:00:10 <   > (13 / 137)  9.48%  ETA: 00:01:42
Checking Config Backups - Time: 00:00:10 <   > (14 / 137) 10.21%  ETA: 00:01:34
Checking Config Backups - Time: 00:00:11 <   > (15 / 137) 10.94%  ETA: 00:01:33
Checking Config Backups - Time: 00:00:12 <   > (16 / 137) 11.67%  ETA: 00:01:32
Checking Config Backups - Time: 00:00:12 <   > (17 / 137) 12.40%  ETA: 00:01:32
Checking Config Backups - Time: 00:00:13 <   > (18 / 137) 13.13%  ETA: 00:01:33
Checking Config Backups - Time: 00:00:14 <   > (19 / 137) 13.86%  ETA: 00:01:31
Checking Config Backups - Time: 00:00:15 <   > (20 / 137) 14.59%  ETA: 00:01:29
Checking Config Backups - Time: 00:00:15 <   > (21 / 137) 15.32%  ETA: 00:01:28
Checking Config Backups - Time: 00:00:16 <   > (22 / 137) 16.05%  ETA: 00:01:27
Checking Config Backups - Time: 00:00:17 <   > (23 / 137) 16.78%  ETA: 00:01:26
Checking Config Backups - Time: 00:00:17 <   > (24 / 137) 17.51%  ETA: 00:01:25
Checking Config Backups - Time: 00:00:18 <   > (25 / 137) 18.24%  ETA: 00:01:24
Checking Config Backups - Time: 00:00:19 <   > (26 / 137) 18.97%  ETA: 00:01:23
Checking Config Backups - Time: 00:00:19 <   > (27 / 137) 19.70%  ETA: 00:01:22
Checking Config Backups - Time: 00:00:20 <   > (28 / 137) 20.43%  ETA: 00:01:20
Checking Config Backups - Time: 00:00:21 <   > (29 / 137) 21.16%  ETA: 00:01:19
Checking Config Backups - Time: 00:00:21 <   > (30 / 137) 21.89%  ETA: 00:01:18
Checking Config Backups - Time: 00:00:22 <   > (31 / 137) 22.62%  ETA: 00:01:17
Checking Config Backups - Time: 00:00:23 <   > (32 / 137) 23.35%  ETA: 00:01:16
Checking Config Backups - Time: 00:00:23 <   > (33 / 137) 24.08%  ETA: 00:01:15
Checking Config Backups - Time: 00:00:24 <   > (34 / 137) 24.81%  ETA: 00:01:14
Checking Config Backups - Time: 00:00:25 <   > (35 / 137) 25.54%  ETA: 00:01:13
Checking Config Backups - Time: 00:00:25 <   > (36 / 137) 26.27%  ETA: 00:01:13
Checking Config Backups - Time: 00:00:28 <   > (37 / 137) 27.00%  ETA: 00:01:18
Checking Config Backups - Time: 00:00:30 <   > (41 / 137) 29.92%  ETA: 00:01:11
Checking Config Backups - Time: 00:00:31 <   > (42 / 137) 30.65%  ETA: 00:01:12
Checking Config Backups - Time: 00:00:32 <   > (43 / 137) 31.38%  ETA: 00:01:11
Checking Config Backups - Time: 00:00:32 <   > (44 / 137) 32.11%  ETA: 00:01:09
Checking Config Backups - Time: 00:00:33 <   > (45 / 137) 32.84%  ETA: 00:01:08
Checking Config Backups - Time: 00:00:33 <   > (46 / 137) 33.57%  ETA: 00:01:07
Checking Config Backups - Time: 00:00:34 <=  > (47 / 137) 34.30%  ETA: 00:01:06
Checking Config Backups - Time: 00:00:35 <=  > (48 / 137) 35.03%  ETA: 00:01:05
Checking Config Backups - Time: 00:00:35 <=  > (49 / 137) 35.76%  ETA: 00:01:05
Checking Config Backups - Time: 00:00:36 <=  > (50 / 137) 36.49%  ETA: 00:01:04
Checking Config Backups - Time: 00:00:37 <=  > (51 / 137) 37.22%  ETA: 00:01:03
Checking Config Backups - Time: 00:00:38 <=  > (52 / 137) 37.95%  ETA: 00:01:03
Checking Config Backups - Time: 00:00:39 <=  > (53 / 137) 38.68%  ETA: 00:01:02
Checking Config Backups - Time: 00:00:39 <=  > (54 / 137) 39.41%  ETA: 00:01:02
Checking Config Backups - Time: 00:00:40 <=  > (55 / 137) 40.14%  ETA: 00:01:01
Checking Config Backups - Time: 00:00:41 <=  > (56 / 137) 40.87%  ETA: 00:01:00
Checking Config Backups - Time: 00:00:41 <=  > (57 / 137) 41.60%  ETA: 00:00:59
Checking Config Backups - Time: 00:00:42 <=  > (58 / 137) 42.33%  ETA: 00:00:58
Checking Config Backups - Time: 00:00:43 <=  > (59 / 137) 43.06%  ETA: 00:00:57
Checking Config Backups - Time: 00:00:43 <=  > (60 / 137) 43.79%  ETA: 00:00:56
Checking Config Backups - Time: 00:00:44 <=  > (61 / 137) 44.52%  ETA: 00:00:55
Checking Config Backups - Time: 00:00:44 <=  > (62 / 137) 45.25%  ETA: 00:00:55
Checking Config Backups - Time: 00:00:45 <=  > (63 / 137) 45.98%  ETA: 00:00:54
Checking Config Backups - Time: 00:00:46 <=  > (64 / 137) 46.71%  ETA: 00:00:53
Checking Config Backups - Time: 00:00:46 <=  > (65 / 137) 47.44%  ETA: 00:00:52
Checking Config Backups - Time: 00:00:47 <=  > (66 / 137) 48.17%  ETA: 00:00:51
Checking Config Backups - Time: 00:00:47 <=  > (67 / 137) 48.90%  ETA: 00:00:50
Checking Config Backups - Time: 00:00:48 <=  > (68 / 137) 49.63%  ETA: 00:00:49
Checking Config Backups - Time: 00:00:49 <=  > (69 / 137) 50.36%  ETA: 00:00:49
Checking Config Backups - Time: 00:00:49 <=  > (70 / 137) 51.09%  ETA: 00:00:48
Checking Config Backups - Time: 00:00:50 <=  > (71 / 137) 51.82%  ETA: 00:00:47
Checking Config Backups - Time: 00:00:50 <=  > (72 / 137) 52.55%  ETA: 00:00:46
Checking Config Backups - Time: 00:00:51 <=  > (73 / 137) 53.28%  ETA: 00:00:45
Checking Config Backups - Time: 00:00:52 <=  > (74 / 137) 54.01%  ETA: 00:00:45
Checking Config Backups - Time: 00:00:52 <=  > (75 / 137) 54.74%  ETA: 00:00:44
Checking Config Backups - Time: 00:00:53 <=  > (76 / 137) 55.47%  ETA: 00:00:43
Checking Config Backups - Time: 00:00:53 <=  > (77 / 137) 56.20%  ETA: 00:00:42
Checking Config Backups - Time: 00:00:54 <=  > (78 / 137) 56.93%  ETA: 00:00:41
Checking Config Backups - Time: 00:00:55 <=  > (79 / 137) 57.66%  ETA: 00:00:41
Checking Config Backups - Time: 00:00:55 <=  > (80 / 137) 58.39%  ETA: 00:00:40
Checking Config Backups - Time: 00:00:56 <=  > (81 / 137) 59.12%  ETA: 00:00:39
Checking Config Backups - Time: 00:00:56 <=  > (82 / 137) 59.85%  ETA: 00:00:38
Checking Config Backups - Time: 00:00:57 <=  > (83 / 137) 60.58%  ETA: 00:00:38
Checking Config Backups - Time: 00:00:58 <=  > (84 / 137) 61.31%  ETA: 00:00:37
Checking Config Backups - Time: 00:00:58 <=  > (85 / 137) 62.04%  ETA: 00:00:36
Checking Config Backups - Time: 00:00:59 <=  > (86 / 137) 62.77%  ETA: 00:00:35
Checking Config Backups - Time: 00:00:59 <=  > (87 / 137) 63.50%  ETA: 00:00:35
Checking Config Backups - Time: 00:01:00 <=  > (88 / 137) 64.23%  ETA: 00:00:34
Checking Config Backups - Time: 00:01:01 <=  > (89 / 137) 64.96%  ETA: 00:00:33
Checking Config Backups - Time: 00:01:01 <=  > (90 / 137) 65.69%  ETA: 00:00:32
Checking Config Backups - Time: 00:01:02 <=  > (91 / 137) 66.42%  ETA: 00:00:32
Checking Config Backups - Time: 00:01:02 <== > (92 / 137) 67.15%  ETA: 00:00:31
Checking Config Backups - Time: 00:01:03 <== > (93 / 137) 67.88%  ETA: 00:00:30
Checking Config Backups - Time: 00:01:03 <== > (94 / 137) 68.61%  ETA: 00:00:29
Checking Config Backups - Time: 00:01:04 <== > (95 / 137) 69.34%  ETA: 00:00:29
Checking Config Backups - Time: 00:01:05 <== > (96 / 137) 70.07%  ETA: 00:00:28
Checking Config Backups - Time: 00:01:05 <== > (97 / 137) 70.80%  ETA: 00:00:27
Checking Config Backups - Time: 00:01:06 <== > (98 / 137) 71.53%  ETA: 00:00:27
Checking Config Backups - Time: 00:01:07 <== > (99 / 137) 72.26%  ETA: 00:00:26
Checking Config Backups - Time: 00:01:07 <= > (100 / 137) 72.99%  ETA: 00:00:25
Checking Config Backups - Time: 00:01:08 <= > (101 / 137) 73.72%  ETA: 00:00:24
Checking Config Backups - Time: 00:01:08 <= > (102 / 137) 74.45%  ETA: 00:00:24
Checking Config Backups - Time: 00:01:09 <= > (103 / 137) 75.18%  ETA: 00:00:23
Checking Config Backups - Time: 00:01:10 <= > (104 / 137) 75.91%  ETA: 00:00:22
Checking Config Backups - Time: 00:01:10 <= > (105 / 137) 76.64%  ETA: 00:00:22
Checking Config Backups - Time: 00:01:11 <= > (106 / 137) 77.37%  ETA: 00:00:21
Checking Config Backups - Time: 00:01:11 <= > (107 / 137) 78.10%  ETA: 00:00:20
Checking Config Backups - Time: 00:01:12 <= > (108 / 137) 78.83%  ETA: 00:00:20
Checking Config Backups - Time: 00:01:12 <= > (109 / 137) 79.56%  ETA: 00:00:19
Checking Config Backups - Time: 00:01:13 <= > (110 / 137) 80.29%  ETA: 00:00:18
Checking Config Backups - Time: 00:01:14 <= > (111 / 137) 81.02%  ETA: 00:00:17
Checking Config Backups - Time: 00:01:14 <= > (112 / 137) 81.75%  ETA: 00:00:17
Checking Config Backups - Time: 00:01:15 <= > (113 / 137) 82.48%  ETA: 00:00:16
Checking Config Backups - Time: 00:01:15 <= > (114 / 137) 83.21%  ETA: 00:00:15
Checking Config Backups - Time: 00:01:16 <= > (115 / 137) 83.94%  ETA: 00:00:15
Checking Config Backups - Time: 00:01:16 <= > (116 / 137) 84.67%  ETA: 00:00:14
Checking Config Backups - Time: 00:01:17 <= > (117 / 137) 85.40%  ETA: 00:00:13
Checking Config Backups - Time: 00:01:18 <= > (118 / 137) 86.13%  ETA: 00:00:13
Checking Config Backups - Time: 00:01:18 <= > (119 / 137) 86.86%  ETA: 00:00:12
Checking Config Backups - Time: 00:01:19 <= > (120 / 137) 87.59%  ETA: 00:00:11
Checking Config Backups - Time: 00:01:19 <= > (121 / 137) 88.32%  ETA: 00:00:11
Checking Config Backups - Time: 00:01:20 <= > (122 / 137) 89.05%  ETA: 00:00:10
Checking Config Backups - Time: 00:01:21 <= > (123 / 137) 89.78%  ETA: 00:00:09
Checking Config Backups - Time: 00:01:21 <= > (124 / 137) 90.51%  ETA: 00:00:09
Checking Config Backups - Time: 00:01:22 <= > (125 / 137) 91.24%  ETA: 00:00:08
Checking Config Backups - Time: 00:01:22 <= > (126 / 137) 91.97%  ETA: 00:00:07
Checking Config Backups - Time: 00:01:23 <= > (127 / 137) 92.70%  ETA: 00:00:07
Checking Config Backups - Time: 00:01:24 <= > (128 / 137) 93.43%  ETA: 00:00:06
Checking Config Backups - Time: 00:01:24 <= > (129 / 137) 94.16%  ETA: 00:00:05
Checking Config Backups - Time: 00:01:25 <= > (130 / 137) 94.89%  ETA: 00:00:05
Checking Config Backups - Time: 00:01:26 <= > (131 / 137) 95.62%  ETA: 00:00:04
Checking Config Backups - Time: 00:01:26 <= > (132 / 137) 96.35%  ETA: 00:00:03
Checking Config Backups - Time: 00:01:27 <= > (133 / 137) 97.08%  ETA: 00:00:03
Checking Config Backups - Time: 00:01:27 <= > (134 / 137) 97.81%  ETA: 00:00:02
Checking Config Backups - Time: 00:01:28 <= > (135 / 137) 98.54%  ETA: 00:00:01
Checking Config Backups - Time: 00:01:29 <= > (136 / 137) 99.27%  ETA: 00:00:01
Checking Config Backups - Time: 00:01:29 <=> (137 / 137) 100.00% Time: 00:01:29

[i] No Config Backups Found.

[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 10
| Requests Remaining: 19

[+] Finished: Sun Jul 20 17:38:00 2025
[+] Requests Done: 195
[+] Cached Requests: 7
[+] Data Sent: 67.839 KB
[+] Data Received: 843.039 KB
[+] Memory used: 292.844 MB
[+] Elapsed time: 00:02:11

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________


Scan Aborted: The url supplied 'https://http//%D1%82%D0%B3%D1%8E%D0%BA.%D1%80%D1%84/' seems to be down (Could not resolve hostname)

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

Read proxies.yaml from /etc/theHarvester/proxies.yaml
*******************************************************************
*  _   _                                            _             *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __|  _ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* theHarvester 4.8.0                                              *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* [email protected]                                   *
*                                                                 *
*******************************************************************
usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-p] [-s]
[--screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t]
[-r [DNS_RESOLVE]] [-n] [-c] [-f FILENAME] [-w WORDLIST]
[-a] [-q] [-b SOURCE]

theHarvester is used to gather open source intelligence (OSINT) on a company
or domain.

options:
-h, --help            show this help message and exit
-d, --domain DOMAIN   Company name or domain to search.
-l, --limit LIMIT     Limit the number of search results, default=500.
-S, --start START     Start with result number X, default=0.
-p, --proxies         Use proxies for requests, enter proxies in
proxies.yaml.
-s, --shodan          Use Shodan to query discovered hosts.
--screenshot SCREENSHOT
Take screenshots of resolved domains specify output
directory: --screenshot output_directory
-v, --virtual-host    Verify host name via DNS resolution and search for
virtual hosts.
-e, --dns-server DNS_SERVER
DNS server to use for lookup.
-t, --take-over       Check for takeovers.
-r, --dns-resolve [DNS_RESOLVE]
Perform DNS resolution on subdomains with a resolver
list or passed in resolvers, default False.
-n, --dns-lookup      Enable DNS server lookup, default False.
-c, --dns-brute       Perform a DNS brute force on the domain.
-f, --filename FILENAME
Save the results to an XML and JSON file.
-w, --wordlist WORDLIST
Specify a wordlist for API endpoint scanning.
-a, --api-scan        Scan for API endpoints.
-q, --quiet           Suppress missing API key warnings.
-b, --source SOURCE   baidu, bevigil, bing, bingapi, brave, bufferoverun,
censys, certspotter, criminalip, crtsh, dehashed,
dnsdumpster, duckduckgo, fullhunt, github-code,
hackertarget, hunter, hunterhow, intelx, netlas,
onyphe, otx, pentesttools, projectdiscovery, rapiddns,
rocketreach, securityTrails, sitedossier,
subdomaincenter, subdomainfinderc99, threatminer,
tomba, urlscan, virustotal, yahoo, whoisxml, zoomeye,
venacus

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://www.kaunas.click/ [173.236.157.13]
[+] Effective URL: https://www.kaunas.click/wp-login.php
[+] Started: Tue Jun 17 10:58:20 2025

Interesting Finding(s):

[+] Headers
| Interesting Entries:
|  - server: nginx
|  - referrer-policy: strict-origin-when-cross-origin, no-referrer-when-downgrade
|  - x-cache-status: BYPASS
|  - x-rocket-nginx-serving-static: MISS
|  - content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] robots.txt found: https://www.kaunas.click/robots.txt
| Interesting Entries:
|  - /wp-content/uploads/wc-logs/

|  - /wp-content/uploads/woocommerce_transient_files/

|  - /wp-content/uploads/woocommerce_uploads/

|  - /wp-admin/

|  - /wp-admin/admin-ajax.php

| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%

[+] XML-RPC seems to be enabled: https://www.kaunas.click/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
|  - http://codex.wordpress.org/XML-RPC_Pingback_API
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
|  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
|  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://www.kaunas.click/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://www.kaunas.click/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
|  - https://www.iplocation.net/defend-wordpress-from-ddos
|  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.8.1 identified (Latest, released on 2025-04-30).
| Found By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
|  - https://www.kaunas.click/wp-includes/css/dashicons.min.css?ver=6.8.1
| Confirmed By:
|  Common Wp Includes Query Parameter In Homepage (Passive Detection)
|   - https://www.kaunas.click/wp-includes/css/buttons.min.css?ver=6.8.1
|   - https://www.kaunas.click/wp-includes/js/wp-util.min.js?ver=6.8.1
|  Rss Generator (Aggressive Detection)
|   - https://www.kaunas.click/feed/, <generator>https://wordpress.org/?v=6.8.1</generator>
|   - https://www.kaunas.click/comments/feed/, <generator>https://wordpress.org/?v=6.8.1</generator>

[+] WordPress theme in use: alliance
| Location: https://www.kaunas.click/wp-content/themes/alliance/
| Readme: https://www.kaunas.click/wp-content/themes/alliance/readme.txt
| Style URL: https://www.kaunas.click/wp-content/themes/alliance/style.css
| Style Name: Alliance
| Style URI: https://alliance.themerex.net/
| Description: Alliance is a Premium WordPress theme that has built-in support for popular Page Builders, slider wi...
| Author: ThemeREX
| Author URI: https://themerex.net/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.11.0 (80% confidence)
| Found By: Style (Passive Detection)
|  - https://www.kaunas.click/wp-content/themes/alliance/style.css, Match: 'Version: 3.11.0'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] the-events-calendar
| Location: https://www.kaunas.click/wp-content/plugins/the-events-calendar/
| Latest Version: 6.13.2.1 (up to date)
| Last Updated: 2025-06-06T00:48:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 6.13.2.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
|  - https://www.kaunas.click/wp-content/plugins/the-events-calendar/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups - Time: 00:00:00 <    > (0 / 137)  0.00%  ETA: ??:??:??
Checking Config Backups - Time: 00:00:00 <    > (1 / 137)  0.72%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:00 <    > (3 / 137)  2.18%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:00 <    > (5 / 137)  3.64%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:01 <    > (7 / 137)  5.10%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:01 <    > (8 / 137)  5.83%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:01 <    > (9 / 137)  6.56%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:01 <   > (11 / 137)  8.02%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:01 <   > (12 / 137)  8.75%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:02 <   > (13 / 137)  9.48%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:02 <   > (15 / 137) 10.94%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:02 <   > (16 / 137) 11.67%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:02 <   > (17 / 137) 12.40%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:02 <   > (18 / 137) 13.13%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:02 <   > (19 / 137) 13.86%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:03 <   > (20 / 137) 14.59%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:03 <   > (21 / 137) 15.32%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:03 <   > (22 / 137) 16.05%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:04 <   > (23 / 137) 16.78%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:04 <   > (24 / 137) 17.51%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:04 <   > (25 / 137) 18.24%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:05 <   > (26 / 137) 18.97%  ETA: 00:00:23
Checking Config Backups - Time: 00:00:05 <   > (27 / 137) 19.70%  ETA: 00:00:22
Checking Config Backups - Time: 00:00:05 <   > (29 / 137) 21.16%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:05 <   > (30 / 137) 21.89%  ETA: 00:00:21
Checking Config Backups - Time: 00:00:05 <   > (31 / 137) 22.62%  ETA: 00:00:20
Checking Config Backups - Time: 00:00:05 <   > (32 / 137) 23.35%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:05 <   > (33 / 137) 24.08%  ETA: 00:00:19
Checking Config Backups - Time: 00:00:05 <   > (34 / 137) 24.81%  ETA: 00:00:18
Checking Config Backups - Time: 00:00:05 <   > (35 / 137) 25.54%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:05 <   > (36 / 137) 26.27%  ETA: 00:00:17
Checking Config Backups - Time: 00:00:06 <   > (37 / 137) 27.00%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (38 / 137) 27.73%  ETA: 00:00:16
Checking Config Backups - Time: 00:00:06 <   > (39 / 137) 28.46%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (40 / 137) 29.19%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (41 / 137) 29.92%  ETA: 00:00:15
Checking Config Backups - Time: 00:00:06 <   > (42 / 137) 30.65%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:06 <   > (43 / 137) 31.38%  ETA: 00:00:14
Checking Config Backups - Time: 00:00:06 <   > (44 / 137) 32.11%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:06 <   > (45 / 137) 32.84%  ETA: 00:00:13
Checking Config Backups - Time: 00:00:06 <=  > (47 / 137) 34.30%  ETA: 00:00:12
Checking Config Backups - Time: 00:00:06 <=  > (50 / 137) 36.49%  ETA: 00:00:11
Checking Config Backups - Time: 00:00:06 <=  > (53 / 137) 38.68%  ETA: 00:00:10
Checking Config Backups - Time: 00:00:06 <=  > (56 / 137) 40.87%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:06 <=  > (59 / 137) 43.06%  ETA: 00:00:09
Checking Config Backups - Time: 00:00:06 <=  > (62 / 137) 45.25%  ETA: 00:00:08
Checking Config Backups - Time: 00:00:06 <=  > (66 / 137) 48.17%  ETA: 00:00:07
Checking Config Backups - Time: 00:00:06 <=  > (70 / 137) 51.09%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:06 <=  > (74 / 137) 54.01%  ETA: 00:00:06
Checking Config Backups - Time: 00:00:06 <=  > (78 / 137) 56.93%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:06 <=  > (82 / 137) 59.85%  ETA: 00:00:05
Checking Config Backups - Time: 00:00:06 <=  > (86 / 137) 62.77%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:06 <=  > (90 / 137) 65.69%  ETA: 00:00:04
Checking Config Backups - Time: 00:00:06 <== > (94 / 137) 68.61%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:06 <== > (97 / 137) 70.80%  ETA: 00:00:03
Checking Config Backups - Time: 00:00:06 <= > (101 / 137) 73.72%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:06 <= > (106 / 137) 77.37%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:07 <= > (111 / 137) 81.02%  ETA: 00:00:02
Checking Config Backups - Time: 00:00:07 <= > (116 / 137) 84.67%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:07 <= > (121 / 137) 88.32%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:07 <= > (126 / 137) 91.97%  ETA: 00:00:01
Checking Config Backups - Time: 00:00:07 <= > (130 / 137) 94.89%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:08 <= > (131 / 137) 95.62%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:08 <= > (132 / 137) 96.35%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:08 <= > (133 / 137) 97.08%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:08 <= > (134 / 137) 97.81%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:08 <= > (135 / 137) 98.54%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:09 <= > (136 / 137) 99.27%  ETA: 00:00:00
Checking Config Backups - Time: 00:00:09 <=> (137 / 137) 100.00% Time: 00:00:09

[i] No Config Backups Found.

[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

[+] Finished: Tue Jun 17 10:58:51 2025
[+] Requests Done: 176
[+] Cached Requests: 5
[+] Data Sent: 55.935 KB
[+] Data Received: 1.061 MB
[+] Memory used: 279.547 MB
[+] Elapsed time: 00:00:31

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

Usage: wpscan [options]
--url URL                                 The URL of the blog to scan
Allowed Protocols: http, https
Default Protocol if none provided: http
This option is mandatory unless update or help or hh or version is/are supplied
-h, --help                                    Display the simple help and exit
--hh                                      Display the full help and exit
--version                                 Display the version and exit
-v, --verbose                                 Verbose mode
--[no-]banner                             Whether or not to display the banner
Default: true
-o, --output FILE                             Output to FILE
-f, --format FORMAT                           Output results in the format supplied
Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode MODE                     Default: mixed
Available choices: mixed, passive, aggressive
--user-agent, --ua VALUE
--random-user-agent, --rua                Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads VALUE                       The max threads to use
Default: 5
--throttle MilliSeconds                   Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
--request-timeout SECONDS                 The request timeout in seconds
Default: 60
--connect-timeout SECONDS                 The connection timeout in seconds
Default: 30
--disable-tls-checks                      Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port                Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string COOKIE                    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
--cookie-jar FILE-PATH                    File to read and write cookies
Default: /tmp/wpscan/cookie_jar.txt
--force                                   Do not check if the target is running WordPress or returns a 403
--[no-]update                             Whether or not to update the Database
--api-token TOKEN                         The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
--wp-content-dir DIR                      The wp-content directory if custom or not detected, such as "wp-content"
--wp-plugins-dir DIR                      The plugins directory if custom or not detected, such as "wp-content/plugins"
-e, --enumerate [OPTS]                        Enumeration Process
Available Choices:
vp   Vulnerable plugins
ap   All plugins
p    Popular plugins
vt   Vulnerable themes
at   All themes
t    Popular themes
tt   Timthumbs
cb   Config backups
dbe  Db exports
u    User IDs range. e.g: u1-5
Range separator to use: '-'
Value if no argument supplied: 1-10
m    Media IDs range. e.g m1-15
Note: Permalink setting must be set to "Plain" for those to be detected
Range separator to use: '-'
Value if no argument supplied: 1-100
Separator to use between the values: ','
Default: All Plugins, Config Backups
Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
Incompatible choices (only one of each group/s can be used):
- vp, ap, p
- vt, at, t
--exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
Both the headers and body are checked. Regexp delimiters are not required.
--plugins-detection MODE                  Use the supplied mode to enumerate Plugins.
Default: passive
Available choices: mixed, passive, aggressive
--plugins-version-detection MODE          Use the supplied mode to check plugins' versions.
Default: mixed
Available choices: mixed, passive, aggressive
--exclude-usernames REGEXP_OR_STRING      Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
If no --username/s option supplied, user enumeration will be run.
-U, --usernames LIST                          List of usernames to use during the password attack.
Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
--multicall-max-passwords MAX_PWD         Maximum number of passwords to send by request with XMLRPC multicall
Default: 500
--password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
Multicall will only work against WP < 4.4
Available choices: wp-login, xmlrpc, xmlrpc-multicall
--login-uri URI                           The URI of the login page if different from /wp-login.php
--stealthy                                Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] To see full list of options use --hh.

_______________________________________________________________
__          _______   _____
\ \        / /  __ \ / ____|
\ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
\ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
\  /\  /  | |     ____) | (__| (_| | | | |
\/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 3.8.28
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[!] Task timed out and was killed.
[?] Do you want to update now? [Y]es [N]o, default: [N][?2004h▽

One of the following options is required: --url, --update, --help, --hh, --version

Please use --help/-h for the list of available options.