Nmap Development mailing list archives
Re: Question about the output received from http-wordpress-plugins.nse
From: David Fifield <david () bamsoftware com>
Date: Thu, 8 Mar 2012 13:05:38 -0800
On Sat, Mar 03, 2012 at 01:57:16PM +0100, Gutek wrote:
Le 29/02/2012 05:55, David Arrington a écrit :Hi, I just ran a test to a server trying to find the plugins that a wordpress site is using. I did this searching for the top 100 plugins only. When I did this the output showed all 100 plugins. I know that not all of these plugins are installed, so I must be using this script incorrectly. Can someone familiar with this script give me an example of how to use it to find the plugins? Is there something else I need to do to see which of those 100 plugins are actually installed?I've tried to reproduce this against a bunch of websites but with no success. My guess is that you have found a special case that I didn't test when writing this script. I also think that it has something to do with the way your target handles 404 conditions, probably with some custom page showing like a 200 (thereby fooling the script). That would be interesting to investigate because this particular case should be covered.
Gutek, I found a site giving false positives because it redirects all requests to its "www" domain name to the name without the "www". I scanned the "www" one. NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/wp-content/plugins/akismet/) NSE: http-wordpress-plugins.nse: Found a plugin: akismet NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/wp-content/plugins/contact-form-7/) NSE: http-wordpress-plugins.nse: Found a plugin: contact-form-7 NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/wp-content/plugins/nextgen-gallery/) NSE: http-wordpress-plugins.nse: Found a plugin: nextgen-gallery NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/wp-content/plugins/wordpress-importer/) NSE: http-wordpress-plugins.nse: Found a plugin: wordpress-importer NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/wp-content/plugins/si-contact-form/) NSE: http-wordpress-plugins.nse: Found a plugin: si-contact-form NSE: HTTP: Page didn't match the 404 response (301 Moved Permanently) (/wp-content/plugins/all-in-one-seo-pack/) NSE: http-wordpress-plugins.nse: Found a plugin: all-in-one-seo-pack David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Question about the output received from http-wordpress-plugins.nse David Arrington (Feb 28)
- Re: Question about the output received from http-wordpress-plugins.nse David Fifield (Mar 02)
- Re: Question about the output received from http-wordpress-plugins.nse Gutek (Mar 03)
- wp-plugins.lst update David Fifield (Mar 06)
- Re: wp-plugins.lst update Gutek (Mar 07)
- Re: wp-plugins.lst update David Fifield (Mar 08)
- wp-plugins.lst update David Fifield (Mar 06)
- Re: Question about the output received from http-wordpress-plugins.nse David Fifield (Mar 08)
- Re: Question about the output received from http-wordpress-plugins.nse Gutek (Mar 09)
- Re: Question about the output received from http-wordpress-plugins.nse David Fifield (Mar 14)