Nmap Development mailing list archives

Re: New WordPress NSE script (http-wordpress-info)


From: Robin Wood <robin@digi.ninja>
Date: Mon, 27 Oct 2014 15:32:19 +0000

On 27 October 2014 13:58, peter () hackertarget com <peter () hackertarget com> wrote:
Hi Robin,

Thanks for the feedback, I had considered using an external source for
vulnerability data. However my main goal was for a very light weight script
that could give a quick overview of multiple WordPress installations. I have
in the past performed large scale WordPress surveys. An external API lookup
would slow down the scanning process.

I will consider adding a script-arg to enable an API call against the DB.

To speed it up a bit, I've found that on large jobs for the same
client, the sites all tend to use the same set of plugins and base
themes so if you set up caching correctly then after the first site
has been tested the rest will mostly be pulling data from the cache
rather than online.

I agree making it optional is best though, especially as you don't
always have internet access while doing this scanning.

Robin


Peter


On Sat, Oct 25, 2014 at 7:48 AM, Robin Wood <robin@digi.ninja> wrote:


On 24 Oct 2014 21:23, "peter () hackertarget com" <peter () hackertarget com>
wrote:

Hi List,

I have put together an Nmap NSE script for simple reconnaissance against
WordPress installations. This is my first attempt at lua scripting so let me
know if there are any glaring issues.

The script performs three tests.

1. Find version of WordPress, first it will check the generator tag for
the version, if this fails it will attempt to find the version in
/readme.html a default file in all WordPress builds.

2. Find the theme that is currently being used. This can be found by
matching the path /wp-content/theme/ in the source of the page.

3. Find plugins in use by parsing the page source and matching the path
/wp-content/plugins/. This will not find all plugins, but is a non-intrusive way
to gather information.

The general idea is to have a non-intrusive way to survey WordPress
installations.

Sample output:

PORT   STATE SERVICE
80/tcp open  http
| http-wordpress-info:
|   version: WordPress 2.8.4
|   theme: radix
|   plugins:
|_    wpg2

Nmap done: 1 IP address (1 host up) scanned in 4.28 seconds


PORT   STATE SERVICE
80/tcp open  http
| http-wordpress-info:
|   version: WordPress 4.0
|   theme: canvas
|   plugins:
|     w3-total-cache
|_    simple-tooltips


Regards,

Peter


Have you considered integrating with the WP Vuln Database
https://wpvulndb.com ?

Robin


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
--
Regards,

Peter
--------------------------------------------------
Security Scanning Tools On-line
Web: http://hackertarget.com/
--------------------------------------------------
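The three checks Peter describes (generator meta tag, then /readme.html as a fallback for the version; theme and plugin slugs matched out of the page source), as an added example. This is not the http-wordpress-info NSE script from the thread (which is Lua), but a stand-alone Python model of the same logic run offline against constructed page bodies; the theme and plugin names are borrowed from the sample output above, the `fetch` callable stands in for the HTTP request, the theme path is the real `/wp-content/themes/` (plural) rather than the `/wp-content/theme/` written in the post, and the `?ver=` capture on plugin assets goes a step beyond the post as a hint only, since WordPress appends the core version when a plugin enqueues an asset without one.

```python
"""Offline model of the http-wordpress-info checks described in the thread.
Added example, not the NSE script itself.  The sample sites below are
constructed; the site dict maps a request path to a response body (or None
for a 404), which is what `fetch` returns."""
import re
from collections import OrderedDict

META_TAG_RE = re.compile(r"<meta\b[^>]*>", re.I)
ATTR_RE = re.compile(r'(\w+)\s*=\s*["\']([^"\']*)["\']')
GEN_VERSION_RE = re.compile(r"WordPress\s+(\d+(?:\.\d+)*)", re.I)
# Stock readme.html carries "<br /> Version x.y" inside the logo <h1>.
README_VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+)*)", re.I)
# Real installs serve themes from /wp-content/themes/ (plural).
THEME_RE = re.compile(r"/wp-content/themes/([A-Za-z0-9_.-]+)/", re.I)
PLUGIN_URL_RE = re.compile(r"/wp-content/plugins/([A-Za-z0-9_.-]+)/[^\s\"'<>]*", re.I)
VER_RE = re.compile(r"[?&]ver=([\w.-]+)")


def version_from_generator(html):
    """Check 1a: <meta name="generator" content="WordPress X.Y">, any attribute order."""
    for tag in META_TAG_RE.findall(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        if attrs.get("name", "").lower() == "generator":
            m = GEN_VERSION_RE.search(attrs.get("content", ""))
            if m:
                return m.group(1)
    return None


def version_from_readme(readme_html):
    """Check 1b: fall back to /readme.html when the generator tag is stripped."""
    if not readme_html:
        return None
    m = README_VERSION_RE.search(readme_html)
    return m.group(1) if m else None


def theme_from_html(html):
    """Check 2: first theme slug referenced from the page (the active theme)."""
    m = THEME_RE.search(html)
    return m.group(1) if m else None


def plugins_from_html(html):
    """Check 3: plugin slugs referenced from the page, in order of first sight.
    Only plugins that enqueue an asset on this page show up, so the list is a
    floor, not a full inventory.  The ?ver= value is a hint: WordPress appends
    the core version when the plugin did not supply its own."""
    found = OrderedDict()
    for m in PLUGIN_URL_RE.finditer(html):
        name = m.group(1).lower()
        ver = VER_RE.search(m.group(0))
        if name not in found or (found[name] is None and ver):
            found[name] = ver.group(1) if ver else None
    return found


def fingerprint(fetch):
    """Run all three checks; fetch(path) returns a body string or None."""
    index = fetch("/") or ""
    version, source = version_from_generator(index), "generator"
    if version is None:
        version = version_from_readme(fetch("/readme.html"))
        source = "readme.html" if version else None
    return {"version": version, "version_source": source,
            "theme": theme_from_html(index),
            "plugins": plugins_from_html(index)}


def format_report(result):
    """Render in the spirit of the NSE output shown in the thread."""
    lines = ["http-wordpress-info:"]
    if result["version"]:
        lines.append(f"  version: WordPress {result['version']} (via {result['version_source']})")
    else:
        lines.append("  version: not found (no generator tag, no readme.html)")
    lines.append(f"  theme: {result['theme'] or 'not found'}")
    lines.append("  plugins:")
    for name, ver in result["plugins"].items():
        lines.append(f"    {name}" + (f" (ver={ver})" if ver else ""))
    return "\n".join(lines)


# Constructed sample sites (not captured from any real host).
SITE_A = {  # generator tag present, readme.html removed
    "/": """<!DOCTYPE html><html><head><meta charset="UTF-8">
<meta name="generator" content="WordPress 4.0" />
<link rel="stylesheet" href="http://example.invalid/wp-content/themes/canvas/style.css?ver=4.0" />
<script src="http://example.invalid/wp-content/plugins/w3-total-cache/pub/js/lazyload.js?ver=0.9.4"></script>
<link rel="stylesheet" href="/wp-content/plugins/simple-tooltips/zebra_tooltips.css?ver=4.0" />
<script src="/wp-content/plugins/w3-total-cache/pub/js/other.js?ver=0.9.4"></script>
</head><body></body></html>""",
    "/readme.html": None,
}
SITE_B = {  # generator tag stripped, readme.html still there
    "/": """<html><head><title>blog</title>
<link rel="stylesheet" href="/wp-content/themes/radix/style.css" />
<script src="/wp-content/plugins/wpg2/js/gallery.js"></script>
</head><body>hello</body></html>""",
    "/readme.html": """<html><body><h1 id="logo"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
<br /> Version 2.8.4
</h1></body></html>""",
}
SITE_C = {"/": "<html><head><title>x</title></head><body>static page</body></html>"}

if __name__ == "__main__":
    for site in (SITE_A, SITE_B, SITE_C):
        print(format_report(fingerprint(site.get)), end="\n\n")
```

The `fetch` indirection is the point of the design: the NSE script makes at most two requests per host (the front page, then /readme.html only when the generator tag is missing), and the same shape keeps the example offline while exercising the fallback path. Note that simple-tooltips in SITE_A reports `ver=4.0`, the core version, which is exactly the case the hint caveat warns about.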