Nmap Development mailing list archives

Re: WordPress NSE for theme discovery (http-wordpress-themes)


From: Paulino Calderon Pale <paulino () calderonpale com>
Date: Thu, 20 Nov 2014 09:33:54 -0600

Hi list,

I’m looking into this contribution and I have some thoughts I wanted to share with you. Do you think we can merge this 
script with http-wordpress-plugins and rename it to something like http-wordpress-resources, http-wordpress-enum or 
similar? The script http-wordpress-themes is a clone of http-wordpress-plugins so we can probably avoid introducing 
duplicate code by merging them.

Cheers.


On Nov 3, 2014, at 2:16 PM, Paulino Calderon <paulino () calderonpale com> wrote:

Hi Peter,

Thank you for your contribution. I tested it and it worked great against some WP installations I have access to. The top 
100 most popular themes database also seems to be effective. In my case it returned a few matches for every single 
site.

I will update the documentation and commit your script soon.

Cheers.

On Mon, Nov 3, 2014 at 5:42 AM, peter () hackertarget com wrote:
Hi List,

I have another WordPress auditing NSE script to contribute this time for the discovery of themes in a WordPress 
installation.

Vulnerable themes installed but not active still pose a threat (as seen in the widespread timthumb vulnerability). 
Brute forcing the path is really the only way to find them in a blackbox type assessment.

The NSE script is a clone of the http-wordpress-plugins.nse script. 

To build the wp-theme.lst file I crawled the top 1 million sites and found 200K WordPress installations. Active 
themes were extracted from the html source to create an ordered list of the most popular themes currently in use. The 
theme repository at wordpress.org was also crawled and included in the list.

By using the theme data from the top 1 million sites the list includes all the most popular WordPress commercial 
themes, many that are not listed on wordpress.org.


I think this script will complement the existing WordPress NSE auditing script family.

- http-wordpress-plugins.nse (path discovery of plugins)
- http-wordpress-enum.nse (enumerate users)
- http-wordpress-brute.nse (brute force passwords)
- http-wordpress-themes.nse (path based discovery of themes)
- http-wordpress.info.nse (*safe* detection of Core Version and active theme)



Regards,

Peter

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
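Peter's message describes what the script does from the scanning side: it requests a path per theme name from wp-theme.lst and treats a non-404 as a hit. From the site owner's side the same activity leaves a distinctive trace, a burst of 404s under /wp-content/themes/ for many different theme slugs from one client. The following is an added example, not code from the thread or from Nmap, that runs that detection over a constructed Common Log Format sample; the IP addresses, theme slugs and the threshold of three distinct missing themes are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format). Not real traffic:
# the first client probes several theme slugs that do not exist, the
# second is an ordinary visitor loading the active theme's assets.
# One malformed line is included to show the parser skipping it.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Nov/2014:09:30:01 -0600] "GET /wp-content/themes/twentyfourteen/style.css HTTP/1.1" 200 7123
203.0.113.5 - - [20/Nov/2014:09:30:01 -0600] "GET /wp-content/themes/sampletheme1/style.css HTTP/1.1" 404 512
203.0.113.5 - - [20/Nov/2014:09:30:01 -0600] "GET /wp-content/themes/sampletheme2/style.css HTTP/1.1" 404 512
203.0.113.5 - - [20/Nov/2014:09:30:02 -0600] "GET /wp-content/themes/sampletheme3/style.css HTTP/1.1" 404 512
203.0.113.5 - - [20/Nov/2014:09:30:02 -0600] "GET /wp-content/themes/sampletheme4/style.css HTTP/1.1" 404 512
not a log line at all
198.51.100.7 - - [20/Nov/2014:09:31:10 -0600] "GET /index.php HTTP/1.1" 200 8021
198.51.100.7 - - [20/Nov/2014:09:31:11 -0600] "GET /wp-content/themes/twentyfourteen/style.css HTTP/1.1" 200 7123
198.51.100.7 - - [20/Nov/2014:09:31:12 -0600] "GET /wp-content/themes/twentyfourteen/js/menu.js HTTP/1.1" 200 1402
"""

# client, method, path, status from a Common Log Format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# theme slug is the directory directly under /wp-content/themes/
THEME_RE = re.compile(r'^/wp-content/themes/([^/?]+)/')


def parse_line(line):
    """Return (client, method, path, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, path, status = m.groups()
    return client, method, path, int(status)


def theme_misses(log_text):
    """Map each client to the set of distinct theme slugs it requested that returned 404.

    Requests for themes that exist (200) are not counted: a legitimate visitor
    only ever loads the active theme, so misses are what separates a path
    enumeration from normal browsing.
    """
    misses = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line
        client, _method, path, status = rec
        m = THEME_RE.match(path)
        if m and status == 404:
            misses[client].add(m.group(1))
    return misses


def flag_theme_scanners(log_text, threshold=3):
    """Return [(client, distinct_missing_themes)] for clients at or above threshold.

    Sorted by count descending, then by client, so the output is stable.
    The threshold is an assumption; tune it to the site's normal 404 noise.
    """
    hits = [(client, len(slugs))
            for client, slugs in theme_misses(log_text).items()
            if len(slugs) >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


if __name__ == "__main__":
    for client, count in flag_theme_scanners(SAMPLE_LOG):
        print(f"{client}: {count} distinct non-existent theme paths requested")
```

Counting distinct slugs rather than raw 404s keeps a single broken stylesheet reference, which repeats the same path many times, from tripping the rule; keying on status 404 rather than on the path alone keeps the site's own theme traffic out of the count.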


