Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New WordPress NSE script (http-wordpress-info)

From: Robin Wood <robin@digi.ninja>
Date: Fri, 24 Oct 2014 21:48:55 +0100
On 24 Oct 2014 21:23, "peter () hackertarget com" <peter () hackertarget com>
wrote:


Hi List,

I have put together an Nmap NSE script for simple reconnaissance against

WordPress installations. This is my first attempt at lua scripting so let
me know if there are any glaring issues.


The script performs three tests.

1. Find version of WordPress, first it will check the generator tag for

the version, if this fails it will attempt to find the version in
/readme.html a default file in all WordPress builds.


2. Find the theme that is currently being used. This can be found by

matching the path /wp-content/theme/ in the source of the page.


3. Find plugins in use by parsing the page source and matching the path

/wp-content/plugins/. This will not find plugins, but is a non-intrusive
way to gather information.


The general idea is to have a non-intrusive way to survey WordPress

installations.


Sample output:

PORT   STATE SERVICE
80/tcp open  http
| http-wordpress-info:
|   version: WordPress 2.8.4
|   theme: radix
|   plugins:
|_    wpg2

Nmap done: 1 IP address (1 host up) scanned in 4.28 seconds


PORT   STATE SERVICE
80/tcp open  http
| http-wordpress-info:
|   version: WordPress 4.0
|   theme: canvas
|   plugins:
|     w3-total-cache
|_    simple-tooltips


Regards,

Peter



Have you considered integrating with the WP Vuln Database
https://wpvulndb.com ?

Robin



_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: