Nmap Development mailing list archives
Re: WordPress NSE for theme discovery (http-wordpress-themes)
From: Paulino Calderon Pale <paulino () calderonpale com>
Date: Thu, 20 Nov 2014 09:33:54 -0600
Hi list,

I’m looking into this contribution and I have some thoughts I wanted to share with you. Do you think we can merge this script with http-wordpress-plugins and rename it to something like http-wordpress-resources, http-wordpress-enum or similar? The script http-wordpress-themes is a clone of http-wordpress-plugins so we can probably avoid introducing duplicate code by merging them.

Cheers.
On Nov 3, 2014, at 2:16 PM, Paulino Calderon <paulino () calderonpale com> wrote:

Hi Peter,

Thank you for your contribution. I tested it and it worked great against some WP installations I have access to. The top 100 most popular themes database also seems to be effective. In my case it returned a few matches for every single site.

I will update the documentation and commit your script soon.

Cheers.

On Mon, Nov 3, 2014 at 5:42 AM, peter () hackertarget com wrote:

Hi List,

I have another WordPress auditing NSE script to contribute, this time for the discovery of themes in a WordPress installation. Vulnerable themes installed but not active still pose a threat (as seen in the widespread timthumb vulnerability). Brute forcing the path is really the only way to find them in a blackbox type assessment.

The NSE script is a clone of the http-wordpress-plugins.nse script. To build the wp-theme.lst file I crawled the top 1 million sites and found 200K WordPress installations. Active themes were extracted from the HTML source to create an ordered list of the most popular themes currently in use. The theme repository at wordpress.org was also crawled and included in the list. By using the theme data from the top 1 million sites the list includes all the most popular WordPress commercial themes, many that are not listed on wordpress.org.

I think this script will complement the existing WordPress NSE auditing script family.

- http-wordpress-plugins.nse (path discovery of plugins)
- http-wordpress-enum.nse (enumerate users)
- http-wordpress-brute.nse (brute force passwords)
- http-wordpress-themes.nse (path based discovery of themes)
- http-wordpress.info.nse (*safe* detection of Core Version and active theme)

Regards,
Peter

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/