Nmap Development mailing list archives
Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Ron <ron () skullsecurity net>
Date: Sun, 13 Mar 2011 22:56:37 -0500
Hey,

I haven't really looked at this code, but I'm wondering if it could be integrated into http-enum.nse? All http-enum really does is iterate over a list of probes and look for expected results. The probes (defined, by default, in http-fingerprints.lua) are a table. The table can be hardcoded, generated, read from a file, etc.

Like I said, I only read your email, not the script itself, so I may be completely wrong about what you're doing.

Thanks!
Ron

On Sun, 13 Mar 2011 15:34:00 +0100 Gutek <ange.gutek () gmail com> wrote:
Hi,

With 2.4M downloads and counting (http://wordpress.org/download/counter/), Wordpress definitely deserves its script.

When it comes to security, a CMS is less vulnerable itself than its (numerous) third-party plugins, and Wordpress has more than 13.000. This script tries to list those probably installed on a given blog by brute forcing the wp-content directory. The dictionary it uses has the 13.405 existing plugins to date, sorted by popularity. Although Nmap does its best to parallelize the queries, it could take an hour to test them all, so by default the script will just test the 100 most popular ones. Of course, an option is provided so that the user can tweak this from any number to all.

Another option allows the user to manually specify a path to the blog from the website root. Because it's quite common that the blog service of a website is not at its root, the script also tries by itself to find the path through Wordpress, even if it is not user-specified.

Sample output:

-- Interesting ports on my.woot.blog (123.123.123.123):
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-wp-plugins: (search amongst the 500 most popular plugins, use --script-arg http-wp-plugins.search=<number|all> for deeper analysis)
-- |_akismet, wp-db-backup, all-in-one-seo-pack, stats, wp-to-twitter

With the hope someone considers it useful,
A.G.
_______________________________________________
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
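The probe table Ron describes, as an added example (not the http-wp-plugins script from the thread and not Nmap's own http-fingerprints.lua): it generates http-enum style entries for the N most popular plugins of a popularity-sorted list, so the loop http-enum already runs can do the check. The entry layout (category, probes, matches) is assumed here to be the one http-fingerprints.lua uses; the plugin names, the blog path and the limit are constructed sample values.

```lua
-- Added example: generate http-enum style probe entries for a
-- popularity-sorted WordPress plugin list. Not the thread's script and
-- not Nmap's http-fingerprints.lua; the entry layout (category, probes,
-- matches) follows what http-fingerprints.lua uses, as assumed here.

-- Constructed sample dictionary, most popular first. The thread's real
-- dictionary would be read from a file of 13.405 names instead.
local plugins = {
  "akismet", "wp-db-backup", "all-in-one-seo-pack", "stats", "wp-to-twitter",
}

-- blog_path: path of the blog from the web root ("" when it is the root).
-- limit: how many of the most popular plugins to probe; nil or "all"
--        means the whole list (mirrors the thread's search=<number|all>).
local function wp_plugin_fingerprints(blog_path, limit)
  local n = #plugins
  if type(limit) == "number" then
    n = math.min(limit, #plugins)
  end
  local entries = {}
  for i = 1, n do
    local name = plugins[i]
    entries[#entries + 1] = {
      category = "cms",
      probes = {
        -- WordPress serves a plugin directory whether or not the plugin
        -- is active; http-enum already discards responses that look like
        -- the site's own 404 page, so any other response is the signal.
        { path = blog_path .. "/wp-content/plugins/" .. name .. "/", method = "GET" },
      },
      matches = {
        -- an empty Lua pattern matches anything: any non-404 response counts
        { match = "", output = "WordPress plugin directory: " .. name },
      },
    }
  end
  return entries
end

-- Append the generated entries to the table http-enum iterates over
-- (http-fingerprints.lua declares a global "fingerprints" table).
fingerprints = fingerprints or {}
for _, fp in ipairs(wp_plugin_fingerprints("/blog", 3)) do
  table.insert(fingerprints, fp)
end
```

Raising the limit to the whole list is what turns the quick check into the hour-long run the thread mentions, so the default should stay small.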