Nmap Development mailing list archives

WordPress NSE for theme discovery (http-wordpress-themes)


From: "peter () hackertarget com" <peter () hackertarget com>
Date: Mon, 3 Nov 2014 22:42:13 +1100

Hi List,

I have another WordPress auditing NSE script to contribute, this time for
the discovery of themes in a WordPress installation.

Vulnerable themes installed but not active still pose a threat (as seen in
the widespread timthumb vulnerability). Brute forcing the path is really
the only way to find them in a blackbox type assessment.

The NSE script is a clone of the http-wordpress-plugins.nse script.

To build the wp-theme.lst file I crawled the top 1 million sites and found
200K WordPress installations. Active themes were extracted from the HTML
source to create an ordered list of the most popular themes currently in
use. The theme repository at wordpress.org was also crawled and included in
the list.

By using the theme data from the top 1 million sites the list includes all
the most popular WordPress commercial themes, many of which are not listed on
wordpress.org.


I think this script will complement the existing WordPress NSE auditing
script family.

- http-wordpress-plugins.nse (path discovery of plugins)
- http-wordpress-enum.nse (enumerate users)
- http-wordpress-brute.nse (brute force passwords)
- http-wordpress-themes.nse (path based discovery of themes)
- http-wordpress.info.nse (*safe* detection of Core Version and active
theme)



Regards,

Peter

Attachment: wp-themes.lst

Attachment: http-wordpress-themes.nse

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
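
Added example, not part of the original post or the attached script: a sketch of the list-building step the message describes (active theme slugs pulled from page HTML, ranked by how many sites use them), plus the defender-side use of the same parser to flag themes that are installed but not active. The regex, function names, sample pages and directory names are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: a theme shows up in page source as /wp-content/themes/<slug>/ in
# asset URLs. "\\?" also accepts JSON-escaped slashes (\/) found in inline scripts.
THEME_REF = re.compile(r"\\?/wp-content\\?/themes\\?/([A-Za-z0-9._-]+)\\?/")

def theme_slugs(html):
    """Return the set of theme slugs referenced by one page's HTML."""
    return {slug.lower() for slug in THEME_REF.findall(html)}

def rank_themes(pages):
    """Order slugs by number of sites referencing them (ties: alphabetical)."""
    counts = Counter()
    for html in pages.values():
        counts.update(theme_slugs(html))  # a set, so each site counts once per theme
    return [s for s, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

def inactive_installed(installed_dirs, homepage_html):
    """Theme directories present on disk but not referenced by the rendered page."""
    active = theme_slugs(homepage_html)  # a child theme and its parent both count
    return sorted(d for d in installed_dirs if d.lower() not in active)

# Constructed sample pages (not real crawl data).
PAGES = {
    "site-a.example": '<link rel="stylesheet" '
        'href="http://site-a.example/wp-content/themes/twentyfourteen/style.css?ver=4.0">',
    "site-b.example": r'<script>var cfg={"url":"http:\/\/site-b.example'
        r'\/wp-content\/themes\/Avada\/js\/main.js"};</script>'
        '<link rel="stylesheet" href="/wp-content/themes/Avada-Child/style.css">',
    "site-c.example": '<script src="/wp-content/themes/twentyfourteen/js/functions.js">'
        '</script><link href="/wp-content/themes/twentyfourteen/style.css">',
}

if __name__ == "__main__":
    print(rank_themes(PAGES))
    # Constructed directory listing of wp-content/themes on site-a's own server.
    on_disk = ["twentyfourteen", "twentythirteen", "twentytwelve"]
    print(inactive_installed(on_disk, PAGES["site-a.example"]))
```

Themes reported by `inactive_installed` are candidates for removal on a server you administer, since the message's point is that they remain reachable by path even when not active.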
