Re: WordPress Plugins and Themes NSE tweaks

["peter () hackertarget com" <peter () hackertarget com>]

Hi,

The "combo" script appears to work well I have tested it against a number
of sites with various script-args and it works as expected.

I suggest changing the name to http-wordpress-resources.nse as mentioned by
Paulino in a previous email, as this gives a better indication of the
scripts purpose.

In addition "search amongst the 100 plugins or keys resulted :" could be
changed to "search amongst the 100 most popular resources:" or even "search
amongst the 100 top themes and plugins" <-- depending on the
"http-wordpress-resources.type=" selection (themes or plugins or themes and
plugins).


Cheers,

Peter

On Thu, Jan 29, 2015 at 6:54 AM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

> Hi Peter,
> I have merged the two.
> It doesn't check for the latest plugin by default you have to add
> http-wordpress-combo.apicheck="true" for the same.
> The script is working fine for me.
> Please check if it is  working properly for you too.
> Regards,
> Gyanendra
>
> On Wed, Jan 28, 2015 at 6:21 PM, Gyanendra Mishra <anomaly.the () gmail com>
> wrote:
>
> > Hi Peter,
> > I'll try implementing these changes in the combined script.Hope to post
> > an update soon.
> > Regards,
> > Gyanendra Mishra
> > Hello,
> >
> > I have another update to the http-wordpress-plugins.nse that now not
> > only gets the version of the currently installed plugin but will also
> > query the wordpress.org API to get the latest version. Here is a
> > sample of the output (the API call can be disabled with a
> > --script-arg).
> >
> > Interesting ports on my.woot.blog (123.123.123.123):
> > PORT   STATE SERVICE REASON
> > 80/tcp open  http    syn-ack
> > | http-wordpress-plugins:
> > | search amongst the 500 most popular plugins
> > |   akismet 3.0.4 (latest version: 3.0.4)
> > |   wordpress-seo 1.7 (latest version: 1.7.1)
> > |   disqus-comment-system 2.83 (latest version: 2.84)
> > |_  wp-to-twitter 1.2 (latest version: 1.45)
> >
> >
> > Hopefully someone will find this helpful, this is an easy way to find
> > WordPress installs that are not being maintained and likely
> > vulnerable.
> >
> > My latest updates to the scripts can be found here ->
> > https://github.com/peter-hackertarget/nmap-nse-scripts
> >
> >
> > On Thu, Jan 15, 2015 at 10:59 PM, peter () hackertarget com
> > <peter () hackertarget com> wrote:
> > > Hello,
> > >
> > > I have implemented a tweak to the http-wordpress-plugins.nse script
> > that now
> > > outputs the version of the discovered plugins. Installed WordPress
> > plugins
> > > contain a readme.txt that is in a standard form and contains the version
> > > information. This file is simply parsed (only for discovered plugins)
> > and
> > > included in the results.
> > >
> > > Further to the previously mentioned http-wordpress-themes.nse detection
> > > script (http://seclists.org/nmap-dev/2014/q4/156), I have also
> > included a
> > > similar version check against discovered themes using the theme
> > style.css
> > > file that also contains a version string in standard form.
> > >
> > >
> > >
> > > Cheers,
> > >
> > > Peter
> >
> >
> >
> > --
> > Regards,
> >
> > Peter
> > --------------------------------------------------
> > Hosted Vulnerability Scanners
> > Web: https://hackertarget.com/
> > --------------------------------------------------
> > _______________________________________________
> > Sent through the dev mailing list
> > https://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
>
>
>
> --
> Gyanendra Mishra
> CS Sophomore
> BITS PILANI, Pilani Campus
> email-anomaly.the () gmail com
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/