Nmap Development mailing list archives

http-wp-enum.nse - Wordpress user enumeration


From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 04 Jul 2011 20:23:20 -0700

Hi nmap-dev,

Here is my script to enumerate usernames in Wordpress installations. I noticed some WAFs are blocking requests when using Nmap's default user agent. If you see HTTP errors with status 501, try changing the user agent for the requests.

description = [[
http-wp-enum enumerates usernames in Wordpress installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others.

Original advisory:
* http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
]]
-- @usage
-- nmap -p80 --script http-wp-enum <host>
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-wp-enum:
-- | Username found: admin
-- | Username found: mauricio
-- | Username found: box
-- | Username found: carlos
-- | Username found: laura
-- | Username found: fer
-- | Username found: daniel
-- | Username found: javi
-- | Username found: daz
-- | Username found: cesar
-- | Username found: lean
-- | Username found: alex
-- | Username found: ricardo
--
-- @args http-wp-enum.limit Upper limit for ID search. Default: 25
-- @args http-wp-enum.basepath Base path to Wordpress


Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

Attachment: http-wp-enum.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/