Nmap Development mailing list archives
WordPress NSE for theme discovery (http-wordpress-themes)
From: "peter () hackertarget com" <peter () hackertarget com>
Date: Mon, 3 Nov 2014 22:42:13 +1100
Hi List,

I have another WordPress auditing NSE script to contribute, this time for the discovery of themes in a WordPress installation. Vulnerable themes installed but not active still pose a threat (as seen in the widespread timthumb vulnerability). Brute forcing the path is really the only way to find them in a blackbox type assessment.

The NSE script is a clone of the http-wordpress-plugins.nse script.

To build the wp-theme.lst file I crawled the top 1 million sites and found 200K WordPress installations. Active themes were extracted from the HTML source to create an ordered list of the most popular themes currently in use. The theme repository at wordpress.org was also crawled and included in the list. By using the theme data from the top 1 million sites, the list includes all the most popular WordPress commercial themes, many that are not listed on wordpress.org.

I think this script will complement the existing WordPress NSE auditing script family.

- http-wordpress-plugins.nse (path discovery of plugins)
- http-wordpress-enum.nse (enumerate users)
- http-wordpress-brute.nse (brute force passwords)
- http-wordpress-themes.nse (path based discovery of themes)
- http-wordpress.info.nse (*safe* detection of Core Version and active theme)

Regards,
Peter
Attachment: wp-themes.lst
Attachment: http-wordpress-themes.nse
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
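
Added example (not part of the original post or of the attached script): a defender-side check that spots the theme path brute forcing described above in web server access logs and reports which theme directories answered. It assumes themes live under /wp-content/themes/<slug>/ (the WordPress default), Combined Log Format, and that any non-404 response means the directory exists; the sample log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Client IP, request path and status from a Common/Combined Log Format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
                    r'"(?:GET|HEAD) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: default WordPress layout, one directory per theme.
THEME_RE = re.compile(r'^/wp-content/themes/(?P<slug>[^/?#]+)/')

def find_theme_enumeration(lines, min_slugs=5, min_miss_ratio=0.8):
    """Return {client_ip: {"probed": n, "found": [slugs]}} for clients that
    requested many distinct theme directories and mostly received 404s."""
    seen = defaultdict(dict)  # ip -> {slug: True if any response was not 404}
    for line in lines:
        m = LOG_RE.match(line)
        t = THEME_RE.match(m.group("path")) if m else None
        if not t:
            continue
        slug = t.group("slug").lower()
        hit = m.group("status") != "404"  # assumption: non-404 = directory exists
        per_ip = seen[m.group("ip")]
        per_ip[slug] = per_ip.get(slug, False) or hit
    report = {}
    for ip, slugs in seen.items():
        misses = sum(1 for hit in slugs.values() if not hit)
        if len(slugs) >= min_slugs and misses / len(slugs) >= min_miss_ratio:
            # "found" lists themes the client confirmed, including inactive ones.
            report[ip] = {"probed": len(slugs),
                          "found": sorted(s for s, hit in slugs.items() if hit)}
    return report

def _line(ip, path, status):
    return (f'{ip} - - [03/Nov/2014:22:42:13 +1100] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log: one client walking a wordlist, one ordinary visitor.
SAMPLE_LOG = (
    [_line("192.0.2.10", f"/wp-content/themes/{s}/", 404)
     for s in ("alpha", "bravo", "charlie", "delta", "echo", "foxtrot")]
    + [_line("192.0.2.10", "/wp-content/themes/oldtheme/", 200),
       _line("198.51.100.7", "/wp-content/themes/activetheme/style.css", 200),
       _line("198.51.100.7", "/", 200)]
)

if __name__ == "__main__":
    for ip, info in find_theme_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

Any slug in "found" that is not the active theme is an installed-but-inactive theme reachable from outside, which is the exposure the post describes.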
Current thread:
- WordPress NSE for theme discovery (http-wordpress-themes) peter () hackertarget com (Nov 03)
- Re: WordPress NSE for theme discovery (http-wordpress-themes) Paulino Calderon (Nov 03)
- Re: WordPress NSE for theme discovery (http-wordpress-themes) Paulino Calderon Pale (Nov 20)