Nmap Development mailing list archives
Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Djalal Harouni <tixxdz () opendz org>
Date: Fri, 29 Apr 2011 00:43:42 +0100
Just some random ideas.

On 2011-03-14 18:30:38 +0100, Henri Doreau wrote:
> 2011/3/14 Gutek <ange.gutek () gmail com>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi Ron,
> >
> > Indeed, that was my first intention: I was actually looking for new
> > fingerprints for it :) But I quickly realized the potential huge amount
> > of queries, later confirmed by a quick while-http.get()-end on the
> > plugins list: it took an hour or so and http.pipeline doesn't help much.
> > Then, considering the amount of fingerprints already tested by http-enum,
> > it sounds to me like a very long scan for someone who just wants to deal
> > with a wordpress blog (or who doesn't care about wp).

Hi, retrieving the wordpress plugins list is a good idea!!

We can add some NSE code or a script to retrieve and update the plugins list, a script that will let users _control_ and update the fingerprints. Actually I think that this should be done by an update handler function, which will be part of a framework. The Nmap update feed system can also call and use these handlers. We should also offer a way for users to contribute http fingerprints, as it is done with the OS fingerprints. Users should send them to nmap-dev.

> I am wondering whether we could improve http-enum and/or the fingerprint
> database to implement a smarter system. I don't know how hard to implement
> and desirable that would be, but some paths might activate the detection of
> other ones (that would have been skipped otherwise). This way we could avoid
> doing a complete plugins research in case we have no wordpress installation
> detected, for instance. I am not comfortable with http-enum internals, but I
> can imagine something like adding a callback to the fingerprints table, to
> be executed when an associated path is detected as valid.

I'll try to look at http-enum (sorry, perhaps I'm missing something), but I can tell that yes, a smarter _modular_ system is the key; this way for each task we just add a handler, which of course can be a small function or a NSE script :) We can do the same for the vulnerability detection system.

-- 
tixxdz
http://opendz.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
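A sketch of Henri's "some paths activate other ones" idea, added here and not taken from the thread or from Nmap's http-enum: a fingerprint entry may declare `requires`, and its paths are only requested once the named parent fingerprint has matched, so a host with no wordpress installation costs only the root probes. The table layout, the `scan` scheduler, the paths, status codes and the two host response tables are all constructed assumptions for the demo; it is plain Lua with no Nmap libraries.

```lua
-- Constructed demo (not http-enum code): fingerprints with a 'requires'
-- field are scheduled only after the parent fingerprint matched.

local fingerprints = {
  { name = "wordpress", probes = { "/wp-login.php", "/readme.html" },
    match = function(s) return s == 200 end },
  { name = "plugin-a", requires = "wordpress",
    probes = { "/wp-content/plugins/plugin-a/readme.txt" },
    match = function(s) return s == 200 or s == 403 end },
  { name = "plugin-b", requires = "wordpress",
    probes = { "/wp-content/plugins/plugin-b/readme.txt" },
    match = function(s) return s == 200 or s == 403 end },
}

-- Run fingerprints in rounds: an entry runs when it has no parent or its
-- parent already matched. Returns the matches and the request count.
local function scan(fps, get_status)
  local matched, done, requests = {}, {}, 0
  local progress = true
  while progress do
    progress = false
    for _, fp in ipairs(fps) do
      if not done[fp.name] and (fp.requires == nil or matched[fp.requires]) then
        done[fp.name], progress = true, true
        for _, path in ipairs(fp.probes) do
          requests = requests + 1
          if fp.match(get_status(path)) then
            matched[fp.name] = true
            break                       -- first hit is enough for this entry
          end
        end
      end
    end
  end
  return matched, requests
end

-- Constructed response tables standing in for two hosts (no network needed).
local hosts = {
  wordpress_site = { ["/wp-login.php"] = 200,
                     ["/wp-content/plugins/plugin-a/readme.txt"] = 200 },
  plain_site     = {},
}
for label, responses in pairs(hosts) do
  local matched, requests = scan(fingerprints,
                                 function(p) return responses[p] or 404 end)
  local names = {}
  for name in pairs(matched) do names[#names + 1] = name end
  table.sort(names)
  print(label .. ": " .. requests .. " requests, matched: " .. table.concat(names, ", "))
end
```

The plain host stops after the two root probes, while the wordpress host spends one request on the root entry and one per dependent plugin entry; with a real plugin list the gated entries are where the hour-long scan Gutek measured would otherwise go.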
Current thread:
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins David Fifield (Apr 27)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins David Fifield (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Apr 29)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins David Fifield (Apr 29)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (May 11)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Apr 28)
- <Possible follow-ups>
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Djalal Harouni (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Djalal Harouni (Apr 28)