Nmap Development mailing list archives
Re: WordPress Plugins and Themes NSE tweaks
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Wed, 28 Jan 2015 18:21:20 +0530
Hi Peter, I'll try implementing these changes in the combined script.Hope to post an update soon. Regards, Gyanendra Mishra Hello, I have another update to the http-wordpress-plugins.nse that now not only gets the version of the currently installed plugin but will also query the wordpress.org API to get the latest version. Here is a sample of the output (the API call can be disabled with a --script-arg). Interesting ports on my.woot.blog (123.123.123.123): PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-wordpress-plugins: | search amongst the 500 most popular plugins | akismet 3.0.4 (latest version: 3.0.4) | wordpress-seo 1.7 (latest version: 1.7.1) | disqus-comment-system 2.83 (latest version: 2.84) |_ wp-to-twitter 1.2 (latest version: 1.45) Hopefully someone will find this helpful, this is an easy way to find WordPress installs that are not being maintained and likely vulnerable. My latest updates to the scripts can be found here -> https://github.com/peter-hackertarget/nmap-nse-scripts On Thu, Jan 15, 2015 at 10:59 PM, peter () hackertarget com <peter () hackertarget com> wrote:
Hello, I have implemented a tweak to the http-wordpress-plugins.nse script that
now
outputs the version of the discovered plugins. Installed WordPress plugins contain a readme.txt that is in a standard form and contains the version information. This file is simply parsed (only for discovered plugins) and included in the results. Further to the previously mentioned http-wordpress-themes.nse detection script (http://seclists.org/nmap-dev/2014/q4/156), I have also included a similar version check against discovered themes using the theme style.css file that also contains a version string in standard form. Cheers, Peter
-- Regards, Peter -------------------------------------------------- Hosted Vulnerability Scanners Web: https://hackertarget.com/ -------------------------------------------------- _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 15)
- Re: WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 29)
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 28)
- <Possible follow-ups>
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 29)
- Re: WordPress Plugins and Themes NSE tweaks Paulino Calderon Pale (Feb 08)