Nmap Development mailing list archives
http-wp-enum.nse - Wordpress user enumeration
From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 04 Jul 2011 20:23:20 -0700
Hi nmap-dev,

Here is my script to enumerate usernames in Wordpress installations. I noticed some WAFs are blocking requests when using Nmap's default user agent. If you see HTTP errors with status 501, try changing the user agent for the requests.
description = [[
http-wp-enum enumerates usernames in Wordpress installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others.

Original advisory:
* http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
]]

-- @usage
-- nmap -p80 --script http-wp-enum <host>
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-wp-enum:
-- | Username found: admin
-- | Username found: mauricio
-- | Username found: box
-- | Username found: carlos
-- | Username found: laura
-- | Username found: fer
-- | Username found: daniel
-- | Username found: javi
-- | Username found: daz
-- | Username found: cesar
-- | Username found: lean
-- | Username found: alex
-- | Username found: ricardo
--
-- @args http-wp-enum.limit Upper limit for ID search. Default: 25
-- @args http-wp-enum.basepath Base path to Wordpress

Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon
Attachment:
http-wp-enum.nse