
Which theme is that? WPScan

You see a good site and want to know which theme it uses or which plugins are installed. For a quick look, sites such as WordPress Theme Search, WPThemeDoctor and WhatTheme help.

If you want to run your WordPress carefully, or want to support your service provider, you have a vulnerability scanner such as WPScan installed and in regular use. With WPScan, a scan for plugins and themes is more effective, because it also shows the security problems you could have with the plugin or the theme.

With the web tools mentioned above you have the theme or plugin in question identified, install it in your test environment and then check it with WPScan.

WPScan

WPScan runs wherever Ruby runs; more on the project page. If you do further security testing, the Linux distribution Kali Linux[1] is recommended; WPScan is already installed there.

Scanning a website

ruby wpscan.rb --url http://test.jens-falk.de

The output then looks like this:

_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.9.3
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://test.jens-falk.de/
[+] Started: Fri Sep 22 20:20:15 2017

[+] robots.txt available under: 'http://test.jens-falk.de/robots.txt'
[!] The WordPress 'http://test.jens-falk.de/readme.html' file exists exposing a version number
[!] Full Path Disclosure (FPD) in 'http://test.jens-falk.de/wp-includes/rss-functions.php': 
[+] Interesting header: LINK: <http://test.jens-falk.de/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: SERVER: Apache/2.4.25
[+] Interesting header: X-CACHE: MISS from falkproxy
[+] Interesting header: X-CACHE-LOOKUP: HIT from falkproxy:800
[+] Interesting header: X-POWERED-BY: PHP/5.6.28
[+] XML-RPC Interface available under: http://test.jens-falk.de/xmlrpc.php

[+] WordPress version 4.8.2 (Released on 2017-09-19) identified from meta generator, links opml

[+] WordPress theme in use: advanced-twenty-seventeen-child - v1.0

[+] Name: advanced-twenty-seventeen-child - v1.0
 |  Location: http://test.jens-falk.de/wp-content/themes/advanced-twenty-seventeen-child/
 |  Style URL: http://test.jens-falk.de/wp-content/themes/advanced-twenty-seventeen-child/style.css
 |  Theme Name: Advanced Twenty Seventeen Child
 |  Theme URI: http://saturnsolutions.com
 |  Description: Twenty Seventeen brings your site to life with immersive featured images and subtle animations. W...
 |  Author: SaturnSolutions
 |  Author URI: http://saturnsolutions.com/

[+] Detected parent theme: twentyseventeen - v1.3

[+] Name: twentyseventeen - v1.3
 |  Latest version: 1.3 (up to date)
 |  Last updated: 2017-06-08T00:00:00.000Z
 |  Location: http://test.jens-falk.de/wp-content/themes/twentyseventeen/
 |  Readme: http://test.jens-falk.de/wp-content/themes/twentyseventeen/README.txt
 |  Style URL: http://test.jens-falk.de/wp-content/themes/twentyseventeen/style.css
 |  Theme Name: Twenty Seventeen
 |  Theme URI: https://wordpress.org/themes/twentyseventeen/
 |  Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a...
 |  Author: the WordPress team
 |  Author URI: https://wordpress.org/

[+] Enumerating plugins from passive detection ...
 | 1 plugin found:

[+] Name: advanced-twenty-seventeen - v1.3.1
 |  Latest version: 1.3.1 (up to date)
 |  Last updated: 2017-02-27T05:49:00.000Z
 |  Location: http://test.jens-falk.de/wp-content/plugins/advanced-twenty-seventeen/
 |  Readme: http://test.jens-falk.de/wp-content/plugins/advanced-twenty-seventeen/readme.txt

Finding usernames

The command is:

ruby wpscan.rb --url http://test.jens-falk.de --enumerate u

or, when there are many users,

ruby wpscan.rb --url http://deinewebseite.de --enumerate u[10-20]

The result

[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
    +----+--------+----------+
    | Id | Login  | Name     |
    +----+--------+----------+
    | 1  | tester | Tester – |
    +----+--------+----------+

Checking password security

It makes good sense now to check whether an attacker could log in:

ruby wpscan.rb --url http://deineseite.de --wordlist passwoerter.txt

The result

[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
    +----+--------+----------+
    | Id | Login  | Name     |
    +----+--------+----------+
    | 1  | tester | Tester – |
    +----+--------+----------+
[+] Starting the password brute forcer
  Brute Forcing 'tester' Time: 00:00:00 <=====================================================================================> (1 / 1) 100.00% Time: 00:00:00
  [+] [SUCCESS] Login : tester Password : geheim                                                                                            


  +----+--------+----------+--------------------------+
  | Id | Login  | Name     | Password                 |
  +----+--------+----------+--------------------------+
  | 1  | tester | Tester – | geheim                   |
  +----+--------+----------+--------------------------+

Files with passwords are easy to find in large numbers (Google “password list txt”). Many users always use the same password for websites. They do not realize that after a break-in, passwords are read out and stored in lists.

Finding vulnerabilities in the theme

ruby wpscan.rb --url http://deineseite.de --enumerate vt

Finding vulnerabilities in plugins

ruby wpscan.rb --url http://deineseite.de --enumerate vp

The result

[+] URL: https://meine-verwundbaren-wp-plugins.de/
[+] Started: Fri Sep 22 20:29:41 2017

[+] robots.txt available under: 'https://meine-verwundbaren-wp-plugins.de/robots.txt'
[+] Interesting entry from robots.txt: Sitemap: http://meine-verwundbaren-wp-plugins.de/?feed=google_news_sitemap
[!] The WordPress 'https://meine-verwundbaren-wp-plugins.de/readme.html' file exists exposing a version number
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-CACHE-ENGINE: WP-FFPC with memcached via PHP
[+] Interesting header: X-POWERED-BY: PHP/5.4.45-1~dotdeb+7.1
[+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
[+] XML-RPC Interface available under: https://meine-verwundbaren-wp-plugins.de/xmlrpc.php

[+] WordPress version 4.7 (Released on 2016-12-06) identified from readme
[!] 27 vulnerabilities identified from the version number

[!] Title: WordPress 4.3-4.7 - Remote Code Execution (RCE) in PHPMailer
    Reference: https://wpvulndb.com/vulnerabilities/8714
    Reference: https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/
    Reference: https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/24767c76d359231642b0ab48437b64e8c6c7f491
    Reference: http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
    Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_phpmailer_host_header
[i] Fixed in: 4.7.1

[!] Title: WordPress 4.7 - User Information Disclosure via REST API
    Reference: https://wpvulndb.com/vulnerabilities/8715
    Reference: https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/
    Reference: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5487
[i] Fixed in: 4.7.1

[!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
    Reference: https://wpvulndb.com/vulnerabilities/8716
    Reference: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
[i] Fixed in: 4.7.1

[!] Title: WordPress <= 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload
    Reference: https://wpvulndb.com/vulnerabilities/8717
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5489
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
    Reference: https://wpvulndb.com/vulnerabilities/8718
    Reference: https://www.mehmetince.net/low-severity-wordpress/
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
[i] Fixed in: 4.7.1

[!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
    Reference: https://wpvulndb.com/vulnerabilities/8719
    Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
[i] Fixed in: 4.7.1

[!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
    Reference: https://wpvulndb.com/vulnerabilities/8720
    Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
[i] Fixed in: 4.7.1

[!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    Reference: https://wpvulndb.com/vulnerabilities/8721
    Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
[i] Fixed in: 4.7.1

[!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
    Reference: https://wpvulndb.com/vulnerabilities/8729
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
[i] Fixed in: 4.7.2

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8730
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
[i] Fixed in: 4.7.2

[!] Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table
    Reference: https://wpvulndb.com/vulnerabilities/8731
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612
[i] Fixed in: 4.7.2

[!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
    Reference: https://wpvulndb.com/vulnerabilities/8734
    Reference: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
    Reference: https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
    Reference: https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab
    Reference: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
    Reference: https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_content_injection
[i] Fixed in: 4.7.2

[!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
    Reference: https://wpvulndb.com/vulnerabilities/8765
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
    Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
    Reference: http://seclists.org/oss-sec/2017/q1/563
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
    Reference: https://wpvulndb.com/vulnerabilities/8766
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete
    Reference: https://wpvulndb.com/vulnerabilities/8767
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6816
[i] Fixed in: 4.7.3

[!] Title: WordPress  4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
    Reference: https://wpvulndb.com/vulnerabilities/8768
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
    Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names
    Reference: https://wpvulndb.com/vulnerabilities/8769
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6818
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
    Reference: https://wpvulndb.com/vulnerabilities/8770
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
    Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
    Reference: http://seclists.org/oss-sec/2017/q1/562
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://wpvulndb.com/vulnerabilities/8815
    Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
    Reference: https://wpvulndb.com/vulnerabilities/8816
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks 
    Reference: https://wpvulndb.com/vulnerabilities/8817
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8818
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
    Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
    Reference: https://wpvulndb.com/vulnerabilities/8819
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
    Reference: https://hackerone.com/reports/203515
    Reference: https://hackerone.com/reports/203515
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8820
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8905
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
    Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
[i] Fixed in: 4.8.2

[!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
    Reference: https://wpvulndb.com/vulnerabilities/8906
    Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
    Reference: https://wpvulndb.com/vulnerabilities/8905
[i] Fixed in: 4.7.5

These scripts are certainly also used by those who want to gain access to the content management system. That is why WPScan should check your own WordPress installation regularly.
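For such a regular check, the long report above can be reduced to what the operator has to act on. The following is an added example, not part of the original post or of WPScan itself: it parses the WPScan 2.9.x text format shown above and reports the lowest core version that resolves every finding with a fix, plus the findings that list no fix. The names `Finding`, `parse_findings` and `triage` are hypothetical, and the sample report is a shortened excerpt constructed from the output above.

```ruby
require 'rubygems' # Gem::Version gives correct version ordering (4.7.10 > 4.7.5)

# One "[!] Title:" block of a WPScan text report.
Finding = Struct.new(:title, :references, :cves, :fixed_in)

# Parse the "[!] Title: ..." blocks of a WPScan 2.9.x text report.
def parse_findings(report)
  findings = []
  current = nil
  report.each_line do |raw|
    line = raw.strip
    case line
    when /\A\[!\] Title: (.+)\z/
      current = Finding.new($1.squeeze(' '), [], [], nil)
      findings << current
    when /\AReference: (\S+)\z/
      next unless current
      ref = $1
      current.references << ref
      # A single reference URL may name more than one CVE.
      current.cves.concat(ref.scan(/CVE-\d{4}-\d+/)).uniq!
    when /\A\[i\] Fixed in: (\S+)\z/
      current.fixed_in = Gem::Version.new($1) if current
    when /\A\[[+!]\]/
      current = nil # any other status line ends the current finding
    end
  end
  findings
end

# Summarise a report: total findings, the lowest version fixing all findings
# that have a fix, all CVE ids, and the titles without a "Fixed in" line
# (those need a mitigation other than a core update).
def triage(report)
  findings = parse_findings(report)
  fixed, unfixed = findings.partition(&:fixed_in)
  {
    total: findings.size,
    upgrade_to: fixed.map(&:fixed_in).max&.to_s,
    cves: findings.flat_map(&:cves).uniq.sort,
    no_fix_listed: unfixed.map(&:title)
  }
end

# Constructed sample: three findings shortened from the report above.
SAMPLE_REPORT = <<~'REPORT'
  [+] WordPress version 4.7 (Released on 2016-12-06) identified from readme
  [!] 27 vulnerabilities identified from the version number

  [!] Title: WordPress 4.7 - User Information Disclosure via REST API
      Reference: https://wpvulndb.com/vulnerabilities/8715
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5487
  [i] Fixed in: 4.7.1

  [!] Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset
      Reference: https://wpvulndb.com/vulnerabilities/8807
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

  [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
      Reference: https://wpvulndb.com/vulnerabilities/8905
  [i] Fixed in: 4.8.2
REPORT

puts triage(SAMPLE_REPORT).inspect if __FILE__ == $PROGRAM_NAME
```

Findings in `no_fix_listed` are the ones a core update alone does not close; in the report above that is the Host Header Injection entry, which has no "Fixed in" line.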

If you would like a more secure WordPress installation than the default one and regular checks of your CMS, write to us. To the contact form.

References

1 Kali Linux contains software tools, some of which circumvent security measures and which, under § 202c StGB, the so-called hacker paragraph that came into force at the end of May 2007, are regarded in Germany as computer programs for spying on data. Because of this legal situation, even possession or distribution can be punishable, provided there is intent of unlawful use under § 202a StGB (spying on data) or § 202b StGB (interception of data). Quoted from the page "Kali Linux", Rechtliches. In: Wikipedia, Die freie Enzyklopädie. Revision of 4 August 2017, 20:02 UTC. URL: https://de.wikipedia.org/w/index.php?title=Kali_Linux&oldid=167875818 (retrieved: 22 September 2017, 09:59 UTC)