Nmap Development mailing list archives

Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins


From: Gutek <ange.gutek () gmail com>
Date: Mon, 14 Mar 2011 06:41:02 +0100


On 14/03/2011 04:56, Ron wrote:
Hey,

I haven't really looked at this code, but I'm wondering if it could be integrated into http-enum.nse? All http-enum 
really does is iterate over a list of probes and look for expected results. The probes (defined, by default, in 
http-fingerprints.lua) are a table. The table can be hardcoded, generated, read from a file, etc. 

Like I said, I only read your email, not the script itself, so I may be completely wrong about what you're doing. 

Thanks! 

Ron

Hi Ron,
Indeed, that was my first intention: I was actually looking for new
fingerprints for it :)
But I quickly realized the potentially huge amount of queries, later
confirmed by a quick while-http.get()-end on the plugins list: it took
an hour or so and http.pipeline doesn't help much.
Then, considering the amount of fingerprints already tested by
http-enum, it sounds to me like a very long scan for someone who just wants to
deal with a WordPress blog (or who doesn't care about WP).
Creating a WordPress category and using http-enum.category would fix it,
but I've planned to later add a plugin version vs. known threats comparison.

Anyway, for those reasons I decided to make a separate script, with some
more options than the brute force part (like the ability to find the
path to the WordPress directory on its own).

But if simpler is better and the need for a separate specialized script
is not obvious, feel free to consider and add the plugins.lst content to
the fingerprints database.

Thanks for your comment!

A.G.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
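The query volume discussed in this thread is also what makes a plugin-list sweep stand out in the target's own access log. As an added example (not from the thread, and not Nmap or http-wp-plugins code), the Python below flags a client that collects 404s for several distinct /wp-content/plugins/<slug>/ paths within a short window; the log lines are constructed, and the 60-second window and five-slug threshold are assumed values, not anything the thread states.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format; only the fields the detector needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# The first path component under the plugins directory is the plugin slug.
PLUGIN_RE = re.compile(r"^/wp-content/plugins/(?P<slug>[^/?]+)")
# Constructed sample lines (not from any real server): one client walking a
# plugin list and collecting 404s, one ordinary visitor loading a plugin asset.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Mar/2011:06:41:02 +0100] "GET /wp-content/plugins/plugin-a/ HTTP/1.1" 404 213 "-" "probe"
198.51.100.7 - - [14/Mar/2011:06:41:02 +0100] "GET /wp-content/plugins/plugin-b/ HTTP/1.1" 404 213 "-" "probe"
198.51.100.7 - - [14/Mar/2011:06:41:03 +0100] "GET /wp-content/plugins/plugin-c/ HTTP/1.1" 404 213 "-" "probe"
198.51.100.7 - - [14/Mar/2011:06:41:04 +0100] "GET /wp-content/plugins/plugin-d/ HTTP/1.1" 404 213 "-" "probe"
198.51.100.7 - - [14/Mar/2011:06:41:05 +0100] "GET /wp-content/plugins/plugin-e/ HTTP/1.1" 404 213 "-" "probe"
203.0.113.9 - - [14/Mar/2011:06:41:05 +0100] "GET /wp-content/plugins/plugin-f/style.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return (ip, timestamp, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_plugin_sweeps(lines, window=timedelta(seconds=60), min_slugs=5):
    """Map IP -> sorted slugs for clients with >= min_slugs distinct plugin 404s in one window."""
    misses = defaultdict(list)  # ip -> [(timestamp, slug)] for 404s under plugins/
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        pm = PLUGIN_RE.match(path)
        if pm and status == 404:
            misses[ip].append((ts, pm.group("slug")))
    sweeps = {}
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over time-ordered misses
            while events[end][0] - events[start][0] > window:
                start += 1
            slugs = {slug for _, slug in events[start:end + 1]}
            if len(slugs) >= min_slugs:
                sweeps[ip] = sorted(slugs)
                break
    return sweeps
```

Run on the constructed sample with `find_plugin_sweeps(SAMPLE_LOG.splitlines())`, only 198.51.100.7 is reported, with the five slugs it probed; the visitor whose plugin asset returned 200 is ignored.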

