{"id":1695,"date":"2019-01-19T18:01:13","date_gmt":"2019-01-19T17:01:13","guid":{"rendered":"https:\/\/christeninformatica.ch\/?p=1695"},"modified":"2023-05-09T06:43:20","modified_gmt":"2023-05-09T04:43:20","slug":"guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux","status":"publish","type":"post","link":"https:\/\/christeninformatica.ch\/it\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/","title":{"rendered":"WordPress Security &#8211; Penetration test with Kali Linux"},"content":{"rendered":"\n<p>A guide (originally in Italian) on how to <b>test the security<\/b> of your own site\/server by running <b>penetration<\/b> tests with <b>Kali Linux<\/b>.<\/p>\n<h2>What is Kali Linux<\/h2>\n<p><b>Kali Linux<\/b> is a <b>Linux<\/b> distribution for <b>&#8220;penetration testers&#8221;<\/b> and <b>ethical hackers<\/b>. <b>Kali Linux<\/b>, the successor of <b>BackTrack Linux<\/b>, is based on <b>Debian<\/b> and ships with all the programs needed to test security and run <b>penetration tests<\/b> already installed and preconfigured.<\/p>\n<p>Clicking &#8220;Applications&#8221; at the top left opens a menu with all the programs for testing security in general (wireless networks, websites, passwords and so on); in menu number 3, &#8220;Web Application Analysis&#8221;, you find the best-known programs for <b>testing the security<\/b> of your own site\/server, such as <b>wpscan<\/b> and <b>owasp-zap<\/b>.<\/p>\n<p>To download <b>Kali Linux<\/b> click the following link: <a title=\"Kali Linux ISO Download\" href=\"https:\/\/www.kali.org\/downloads\/\" target=\"_blank\" rel=\"noopener\">Kali Linux ISO Download<\/a>.<\/p>\n<h2>Testing WordPress security with WPScan<\/h2>\n<p><b>WPScan<\/b> is a program used to detect <b>vulnerabilities<\/b> in <b>WordPress<\/b> sites and to <b>test their security<\/b>. With <b>WPScan<\/b> you can find out which plugins are installed (so that outdated ones can be &#8220;exploited&#8221;), discover the blog administrator&#8217;s username and then try to <b>&#8220;crack&#8221;<\/b> the password with a <b>&#8220;brute force&#8221;<\/b> attack, identify the <b>WordPress<\/b> theme and\/or the <b>WordPress<\/b> version in use in order to look for <b>&#8220;exploits&#8221;<\/b>, and much more.<\/p>\n<p>Here is a simple example:<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>\n:~ # wpscan --url https:\/\/christeninformatica.ch\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\nScan Aborted: The remote website is up, but does not seem to be running WordPress.\n:~ # \n<\/pre>\n<\/blockquote>\n<\/div>\n<p>\nTrying to test my own site I got an error: &#8220;<b>Scan Aborted: The remote website is up, but does not seem to be running WordPress<\/b>&#8221;. For various reasons a site may be <b>WordPress<\/b> and yet not look like it. If you are sure (or want to be on the safe side) that the site in question runs <b>WordPress<\/b>, use the --force option, which &#8220;forces&#8221; the scan to run without checking whether the site is <b>WordPress<\/b>. 
\n<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>\n# wpscan --force --url https:\/\/christeninformatica.ch\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\n[+] URL: https:\/\/christeninformatica.ch\/\n[+] Started: Sat Jan 19 16:57:22 2019\nInteresting Finding(s):\n[+] https:\/\/christeninformatica.ch\/\n | Interesting Entry: Server: Apache\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n[+] https:\/\/christeninformatica.ch\/robots.txt\n | Found By: Robots Txt (Aggressive Detection)\n | Confidence: 100%\n[+] WordPress version 5.0.3 identified (Latest, released on 2019-01-09).\n | Detected By: Rss Generator (Aggressive Detection)\n |  - https:\/\/christeninformatica.ch\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n |  - https:\/\/christeninformatica.ch\/comments\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n[i] The main theme could not be detected.\n[+] Enumerating All Plugins\n[+] Checking Plugin Versions\n[i] Plugin(s) Identified:\n[+] wp-super-cache\n | Location: https:\/\/christeninformatica.ch\/tag\/plugins\/wp-super-cache\/\n | Latest Version: 1.6.4\n | Last Updated: 2018-12-20T09:36:00.000Z\n |\n | Detected By: Comment (Passive Detection)\n |\n | [!] 10 vulnerabilities identified:\n |\n | [!] 
Title: WP-Super-Cache 1.3 - Remote Code Execution\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6623\n |      - http:\/\/www.acunetix.com\/blog\/web-security-zone\/wp-plugins-remote-code-execution\/\n |      - http:\/\/wordpress.org\/support\/topic\/pwn3d\n |      - http:\/\/blog.sucuri.net\/2013\/04\/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/wp-cache.php wp_nonce_url Function URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6624\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/wptouch.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6625\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/searchengine.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6626\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/domain-mapping.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6627\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/badbehaviour.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6628\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] 
Title: WP Super Cache 1.3 - trunk\/plugins\/awaitingmoderation.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6629\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)\n |     Fixed in: 1.4.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/7889\n |      - http:\/\/blog.sucuri.net\/2015\/04\/security-advisory-persistent-xss-in-wp-super-cache.html\n |\n | [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)\n |     Fixed in: 1.4.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8197\n |      - http:\/\/z9.io\/2015\/09\/25\/wp-super-cache-1-4-5\/\n |\n | [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection\n |     Fixed in: 1.4.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8198\n |      - http:\/\/z9.io\/2015\/09\/25\/wp-super-cache-1-4-5\/\n |\n | The version could not be determined.\n[+] Enumerating Config Backups\n Checking Config Backups - Time: 00:00:05 <==================================================> (21 \/ 21) 100.00% Time: 00:00:05\n[i] No Config Backups Found.\n[+] Finished: Sat Jan 19 16:57:38 2019\n[+] Requests Done: 50\n[+] Cached Requests: 7\n[+] Data Sent: 8.144 KB\n[+] Data Received: 896.239 KB\n[+] Memory used: 84.176 MB\n[+] Elapsed time: 00:00:16\n:~ #\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>As you can see from the result of this first &#8220;scan&#8221; we have a serious problem: <b>WPScan<\/b> detected the <b>WordPress<\/b> version in use. To fix this I blocked access to &#8220;christeninformatica.ch\/feed&#8221; and disabled the RSS feeds. 
Then run a new test to check whether the changes worked; if you notice that <b>WPScan<\/b> uses other methods to determine the <b>WordPress<\/b> version, find out how to block those as well and test again.\n<\/p>\n<h3>Discovering the WordPress administrator&#8217;s username with WPScan<\/h3>\n<div class=\"comandi\">\n<blockquote>\n<pre>\n:~ # wpscan --force --url https:\/\/christeninformatica.ch --enumerate u\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\n[+] URL: https:\/\/christeninformatica.ch\/\n[+] Started: Sat Jan 19 17:02:11 2019\nInteresting Finding(s):\n[+] https:\/\/christeninformatica.ch\/\n | Interesting Entry: Server: Apache\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n[+] https:\/\/christeninformatica.ch\/robots.txt\n | Found By: Robots Txt (Aggressive Detection)\n | Confidence: 100%\n[+] WordPress version 5.0.3 identified (Latest, released on 2019-01-09).\n | Detected By: Rss Generator (Aggressive Detection)\n |  - https:\/\/christeninformatica.ch\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n |  - https:\/\/christeninformatica.ch\/comments\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n[i] The main theme could not be detected.\n[+] Enumerating Users\n Brute Forcing Author IDs - Time: 00:00:02 
<==================================================> (10 \/ 10) 100.00% Time: 00:00:02\n[i] User(s) Identified:\n[+] chituser\n | Detected By: Author Posts - Author Pattern (Passive Detection)\n | Confirmed By: Wp Json Api (Aggressive Detection)\n |  - https:\/\/christeninformatica.ch\/wp-json\/wp\/v2\/users\/\n[+] chitadmin\n | Detected By: Rss Generator (Aggressive Detection)\n[+] Finished: Sat Jan 19 17:02:16 2019\n[+] Requests Done: 18\n[+] Cached Requests: 28\n[+] Data Sent: 3.107 KB\n[+] Data Received: 482.021 KB\n[+] Memory used: 24.863 MB\n[+] Elapsed time: 00:00:04\n:~ #\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>With the --enumerate u (users) option you check whether information such as the administrator&#8217;s username and those of other users is protected or not. Here too <b>WPScan<\/b> found a problem: it discovered the administrator&#8217;s username and that of another user. An attacker could now try to crack the password and obtain administrator rights on the <b>WordPress<\/b> site. 
To fix this problem, disable <b>WP JSON API<\/b> and configure the <b>WordPress<\/b> theme in use so that it does not display the author.\n<\/p>\n<h4>Disabling the REST API in WordPress with iThemes Security<\/h4>\n<p>To disable <b>WP JSON API<\/b> go to the &#8220;<b>WordPress Tweaks<\/b>&#8221; section of <b>iThemes Security<\/b> and under REST API choose &#8220;Restricted Access&#8221;.\n<\/p>\n<img decoding=\"async\" src=\"..\/..\/..\/grafica\/how-to-disable-Wp-Json-Api-wordpress-ithemes-security.jpg\" alt=\"Kali Linux - Web Application\" \/>\n<h3>Discovering the WordPress plugins in use with WPScan<\/h3>\n<div class=\"comandi\">\n<blockquote>\n<pre>\n:~ # wpscan --force --url https:\/\/christeninformatica.ch --enumerate p\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\n[+] URL: https:\/\/christeninformatica.ch\/\n[+] Started: Sat Jan 19 17:10:51 2019\nInteresting Finding(s):\n[+] https:\/\/christeninformatica.ch\/\n | Interesting Entry: Server: Apache\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n[+] https:\/\/christeninformatica.ch\/robots.txt\n | Found By: Robots Txt (Aggressive Detection)\n | Confidence: 100%\n[+] WordPress version 5.0.3 identified (Latest, released on 2019-01-09).\n | Detected By: Rss Generator (Aggressive Detection)\n |  - https:\/\/christeninformatica.ch\/feed\/, 
<generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n |  - https:\/\/christeninformatica.ch\/comments\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n[i] The main theme could not be detected.\n[+] Enumerating Most Popular Plugins\n[+] Checking Plugin Versions\n[i] Plugin(s) Identified:\n[+] wp-super-cache\n | Location: https:\/\/christeninformatica.ch\/tag\/plugins\/wp-super-cache\/\n | Latest Version: 1.6.4\n | Last Updated: 2018-12-20T09:36:00.000Z\n |\n | Detected By: Comment (Passive Detection)\n |\n | [!] 10 vulnerabilities identified:\n |\n | [!] Title: WP-Super-Cache 1.3 - Remote Code Execution\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6623\n |      - http:\/\/www.acunetix.com\/blog\/web-security-zone\/wp-plugins-remote-code-execution\/\n |      - http:\/\/wordpress.org\/support\/topic\/pwn3d\n |      - http:\/\/blog.sucuri.net\/2013\/04\/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/wp-cache.php wp_nonce_url Function URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6624\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/wptouch.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6625\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/searchengine.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6626\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] 
Title: WP Super Cache 1.3 - trunk\/plugins\/domain-mapping.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6627\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/badbehaviour.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6628\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache 1.3 - trunk\/plugins\/awaitingmoderation.php URI XSS\n |     Fixed in: 1.3.1\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/6629\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-2008\n |\n | [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)\n |     Fixed in: 1.4.3\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/7889\n |      - http:\/\/blog.sucuri.net\/2015\/04\/security-advisory-persistent-xss-in-wp-super-cache.html\n |\n | [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)\n |     Fixed in: 1.4.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8197\n |      - http:\/\/z9.io\/2015\/09\/25\/wp-super-cache-1-4-5\/\n |\n | [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection\n |     Fixed in: 1.4.5\n |     References:\n |      - https:\/\/wpvulndb.com\/vulnerabilities\/8198\n |      - http:\/\/z9.io\/2015\/09\/25\/wp-super-cache-1-4-5\/\n |\n | The version could not be determined.\n[+] Finished: Sat Jan 19 17:11:02 2019\n[+] Requests Done: 28\n[+] Cached Requests: 6\n[+] Data Sent: 4.73 KB\n[+] Data Received: 679.634 KB\n[+] Memory used: 67.156 MB\n[+] Elapsed time: 00:00:10\n:~ #\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>The --enumerate p option lists the installed plugins. 
The solution is to hide traces of the plugins from the HTML code, rename the <b>wp-content<\/b> folder, use as few plugins as possible and update them regularly.<\/p>\n<h3>Discovering the WordPress theme in use with WPScan<\/h3>\n<div class=\"comandi\">\n<blockquote>\n<pre>\n# wpscan --force --url https:\/\/christeninformatica.ch --enumerate t\n_______________________________________________________________\n        __          _______   _____\n        \\ \\        \/ \/  __ \\ \/ ____|\n         \\ \\  \/\\  \/ \/| |__) | (___   ___  __ _ _ __ \u00ae\n          \\ \\\/  \\\/ \/ |  ___\/ \\___ \\ \/ __|\/ _` | '_ \\\n           \\  \/\\  \/  | |     ____) | (__| (_| | | | |\n            \\\/  \\\/   |_|    |_____\/ \\___|\\__,_|_| |_|\n        WordPress Security Scanner by the WPScan Team\n                       Version 3.4.3\n          Sponsored by Sucuri - https:\/\/sucuri.net\n      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_\n_______________________________________________________________\n[+] URL: https:\/\/christeninformatica.ch\/\n[+] Started: Sat Jan 19 17:26:06 2019\nInteresting Finding(s):\n[+] https:\/\/christeninformatica.ch\/\n | Interesting Entry: Server: Apache\n | Found By: Headers (Passive Detection)\n | Confidence: 100%\n[+] https:\/\/christeninformatica.ch\/robots.txt\n | Found By: Robots Txt (Aggressive Detection)\n | Confidence: 100%\n[+] WordPress version 5.0.3 identified (Latest, released on 2019-01-09).\n | Detected By: Rss Generator (Aggressive Detection)\n |  - https:\/\/christeninformatica.ch\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n |  - https:\/\/christeninformatica.ch\/comments\/feed\/, <generator>https:\/\/wordpress.org\/?v=5.0.3<\/generator>\n[i] The main theme could not be detected.\n[+] Enumerating Most Popular Themes\n Checking Known Locations - Time: 00:01:31 
<==================================================> (411 \/ 411) 100.00% Time: 00:01:31\n[i] No themes Found.\n[+] Finished: Sat Jan 19 17:27:45 2019\n[+] Requests Done: 438\n[+] Cached Requests: 4\n[+] Data Sent: 70.294 KB\n[+] Data Received: 4.764 MB\n[+] Memory used: 47.598 MB\n[+] Elapsed time: 00:01:39\n:~ # \n<\/pre>\n<\/blockquote>\n<\/div>\n<p>This example shows the importance of not using overly popular themes and, if you do use them, of updating them as often as possible.\n<\/p>\n<h2>Testing the security of your own site\/server with OWASP ZAP<\/h2>\n<p><b>OWASP ZAP<\/b> is a program for <b>testing the security<\/b> of your own server\/site. It is simple to use: just enter the URL of your page in the &#8220;URL to attack&#8221; field and click Attack.<\/p>\n<p>Once it has finished, check under &#8220;Alerts&#8221; to see which security flaws were found, research how to fix the problems and then remediate them.<\/p>\n<p><img decoding=\"async\" src=\"..\/..\/..\/grafica\/owasp-zap-penetration-testing-wordpress-security-ethical-hacking.jpg\" alt=\"OWASP ZAP - WordPress security penetration testing\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A guide (originally in Italian) on how to test the security of your own site\/server by running penetration tests with Kali Linux. What is Kali Linux: Kali Linux is a Linux distribution for &#8220;penetration testers&#8221; and ethical hackers. 
Kali Linux, the successor of BackTrack Linux, is based on Debian and ships with all the programs needed to test security&#8230;<\/p>","protected":false},"author":5,"featured_media":1807,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[268,49,297,144],"tags":[259,10,12,281,76,272,117,20,5,16,260,11,2,258],"class_list":["post-1695","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethical-hacking-penetration-testing","category-sicurezza-informatica-anonimato","category-tutorials","category-articoli-wordpress","tag-ethical-hacking","tag-guida","tag-italiano","tag-kali-linux","tag-linux","tag-owasp-zap","tag-penetration-test","tag-security","tag-server","tag-sicurezza","tag-sito","tag-tutorial","tag-wordpress","tag-wpscan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Sicurezza WordPress - Penetration test con Kali Linux &#8226; CHIT<\/title>\n<meta name=\"description\" content=\"Guida in italiano sul come testare la sicurezza del proprio sito\/server effettuando dei penetration test con Kali Linux la distribuzione Linux per ethical hackers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/christeninformatica.ch\/it\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta 
property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sicurezza WordPress - Penetration test con Kali Linux &#8226; CHIT\" \/>\n<meta property=\"og:description\" content=\"Guida in italiano sul come testare la sicurezza del proprio sito\/server effettuando dei penetration test con Kali Linux la distribuzione Linux per ethical hackers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/christeninformatica.ch\/it\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/\" \/>\n<meta property=\"og:site_name\" content=\"CHIT\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-19T17:01:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-09T04:43:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/christeninformatica.ch\/media\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"730\" \/>\n\t<meta property=\"og:image:height\" content=\"548\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"chitblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"chitblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/\"},\"author\":{\"name\":\"chitblog\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#\\\/schema\\\/person\\\/b0952e900860b424a6b0906f1d6a0a64\"},\"headline\":\"Sicurezza WordPress &#8211; Penetration test con Kali Linux\",\"datePublished\":\"2019-01-19T17:01:13+00:00\",\"dateModified\":\"2023-05-09T04:43:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/\"},\"wordCount\":636,\"commentCount\":1,\"image\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg\",\"keywords\":[\"ethical hacking\",\"guida\",\"italiano\",\"Kali Linux\",\"linux\",\"OWASP ZAP\",\"penetration test\",\"security\",\"server\",\"Sicurezza\",\"sito\",\"tutorial\",\"Wordpress\",\"wpscan\"],\"articleSection\":[\"Ethical Hacking \\\/ Penetration Testing\",\"Sicurezza \\\/ 
Anonimato\",\"Tutorials\",\"WordPress\"],\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/\",\"url\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/\",\"name\":\"Sicurezza WordPress - Penetration test con Kali Linux &#8226; CHIT\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg\",\"datePublished\":\"2019-01-19T17:01:13+00:00\",\"dateModified\":\"2023-05-09T04:43:20+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#\\\/schema\\\/person\\\/b0952e900860b424a6b0906f1d6a0a64\"},\"description\":\"Guida in italiano sul come testare la sicurezza del proprio sito\\\/server effettuando dei penetration test con Kali Linux la distribuzione Linux per ethical 
hackers.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#primaryimage\",\"url\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg\",\"contentUrl\":\"https:\\\/\\\/christeninformatica.ch\\\/media\\\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg\",\"width\":730,\"height\":548},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/christeninformatica.ch\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sicurezza WordPress &#8211; Penetration test con Kali 
Linux\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#website\",\"url\":\"https:\\\/\\\/christeninformatica.ch\\\/\",\"name\":\"CHIT\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/christeninformatica.ch\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/christeninformatica.ch\\\/#\\\/schema\\\/person\\\/b0952e900860b424a6b0906f1d6a0a64\",\"name\":\"chitblog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g\",\"caption\":\"chitblog\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Sicurezza WordPress - Penetration test con Kali Linux &#8226; CHIT","description":"Guida in italiano sul come testare la sicurezza del proprio sito\/server effettuando dei penetration test con Kali Linux la distribuzione Linux per ethical hackers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/christeninformatica.ch\/it\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/","og_locale":"it_IT","og_type":"article","og_title":"Sicurezza WordPress - Penetration test con Kali Linux &#8226; CHIT","og_description":"Guida in italiano sul come testare la sicurezza del proprio sito\/server effettuando dei penetration test con Kali Linux la distribuzione Linux per ethical hackers.","og_url":"https:\/\/christeninformatica.ch\/it\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/","og_site_name":"CHIT","article_published_time":"2019-01-19T17:01:13+00:00","article_modified_time":"2023-05-09T04:43:20+00:00","og_image":[{"width":730,"height":548,"url":"https:\/\/christeninformatica.ch\/media\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg","type":"image\/jpeg"}],"author":"chitblog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"chitblog","Est. 
reading time":"10 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#article","isPartOf":{"@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/"},"author":{"name":"chitblog","@id":"https:\/\/christeninformatica.ch\/#\/schema\/person\/b0952e900860b424a6b0906f1d6a0a64"},"headline":"Sicurezza WordPress &#8211; Penetration test con Kali Linux","datePublished":"2019-01-19T17:01:13+00:00","dateModified":"2023-05-09T04:43:20+00:00","mainEntityOfPage":{"@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/"},"wordCount":636,"commentCount":1,"image":{"@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#primaryimage"},"thumbnailUrl":"https:\/\/christeninformatica.ch\/media\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg","keywords":["ethical hacking","guida","italiano","Kali Linux","linux","OWASP ZAP","penetration test","security","server","Sicurezza","sito","tutorial","Wordpress","wpscan"],"articleSection":["Ethical Hacking \/ Penetration Testing","Sicurezza \/ 
Anonimato","Tutorials","WordPress"],"inLanguage":"it-IT","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/","url":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/","name":"Sicurezza WordPress - Penetration test con Kali Linux &#8226; CHIT","isPartOf":{"@id":"https:\/\/christeninformatica.ch\/#website"},"primaryImageOfPage":{"@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#primaryimage"},"image":{"@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#primaryimage"},"thumbnailUrl":"https:\/\/christeninformatica.ch\/media\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg","datePublished":"2019-01-19T17:01:13+00:00","dateModified":"2023-05-09T04:43:20+00:00","author":{"@id":"https:\/\/christeninformatica.ch\/#\/schema\/person\/b0952e900860b424a6b0906f1d6a0a64"},"description":"Guida in italiano sul come testare la sicurezza del proprio sito\/server effettuando dei penetration test con Kali Linux la distribuzione Linux per ethical 
hackers.","breadcrumb":{"@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#primaryimage","url":"https:\/\/christeninformatica.ch\/media\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg","contentUrl":"https:\/\/christeninformatica.ch\/media\/kali-linux-penetration-test-ethical-hacking-distribution-web-application-analysis.jpg","width":730,"height":548},{"@type":"BreadcrumbList","@id":"https:\/\/christeninformatica.ch\/guida-italiano-penetration-test-owasp-zap-wpscan-wordpress-sicurezza-ethical-hacking-kali-linux\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/christeninformatica.ch\/"},{"@type":"ListItem","position":2,"name":"Sicurezza WordPress &#8211; Penetration test con Kali 
Linux"}]},{"@type":"WebSite","@id":"https:\/\/christeninformatica.ch\/#website","url":"https:\/\/christeninformatica.ch\/","name":"CHIT","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/christeninformatica.ch\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/christeninformatica.ch\/#\/schema\/person\/b0952e900860b424a6b0906f1d6a0a64","name":"chitblog","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/321ffb3802ecc0a2fc461c52e31fbbabb19873df19bfb793c8e64c6a0cc49313?s=96&d=identicon&r=g","caption":"chitblog"}}]}},"_links":{"self":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/posts\/1695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/comments?post=1695"}],"version-history":[{"count":0,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/posts\/1695\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/media\/1807"}],"wp:attachment":[{"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/media?parent=1695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/christeninformatica.c
h\/it\/wp-json\/wp\/v2\/categories?post=1695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/christeninformatica.ch\/it\/wp-json\/wp\/v2\/tags?post=1695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}