Nmap Development mailing list archives

Re: WordPress Plugins and Themes NSE tweaks


From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Fri, 30 Jan 2015 02:36:08 +0530

Hi,
I changed the name. Renamed some functions and variables and also added
some content in the 'Description'.
I hope it is in tune with Nmap's coding style. Rest of the functionality is
the same.
I changed the 'search amongst the 10  plugin or keys' to 'search amongst
the 10 most popular resulted : ' as suggested by you.
Earlier the #result > 0 check wasn't working properly as it would never
throw the 'nothing found message' as it would always have a table inside it.
Now the number of themes/plugins is checked and accordingly the output is
given.
Please check if it's working fine for you.

Regards,

Gyanendra

On Thu, Jan 29, 2015 at 3:22 PM, peter () hackertarget com <
peter () hackertarget com> wrote:

Hi,

The "combo" script appears to work well. I have tested it against a number
of sites with various script-args and it works as expected.

I suggest changing the name to http-wordpress-resources.nse as mentioned
by Paulino in a previous email, as this gives a better indication of the
script's purpose.

In addition "search amongst the 100 plugins or keys resulted :" could be
changed to "search amongst the 100 most popular resources:" or even "search
amongst the 100 top themes and plugins" <-- depending on the
"http-wordpress-resources.type=" selection (themes or plugins or themes and
plugins).


Cheers,

Peter

On Thu, Jan 29, 2015 at 6:54 AM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

Hi Peter,
I have merged the two.
It doesn't check for the latest plugin by default; you have to add
http-wordpress-combo.apicheck="true" for the same.
The script is working fine for me.
Please check if it is working properly for you too.
Regards,
Gyanendra

On Wed, Jan 28, 2015 at 6:21 PM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

Hi Peter,
I'll try implementing these changes in the combined script. Hope to post
an update soon.
Regards,
Gyanendra Mishra
Hello,

I have another update to the http-wordpress-plugins.nse that now not
only gets the version of the currently installed plugin but will also
query the wordpress.org API to get the latest version. Here is a
sample of the output (the API call can be disabled with a
--script-arg).

Interesting ports on my.woot.blog (123.123.123.123):
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-wordpress-plugins:
| search amongst the 500 most popular plugins
|   akismet 3.0.4 (latest version: 3.0.4)
|   wordpress-seo 1.7 (latest version: 1.7.1)
|   disqus-comment-system 2.83 (latest version: 2.84)
|_  wp-to-twitter 1.2 (latest version: 1.45)


Hopefully someone will find this helpful; this is an easy way to find
WordPress installs that are not being maintained and likely
vulnerable.

My latest updates to the scripts can be found here ->
https://github.com/peter-hackertarget/nmap-nse-scripts


On Thu, Jan 15, 2015 at 10:59 PM, peter () hackertarget com
<peter () hackertarget com> wrote:
Hello,

I have implemented a tweak to the http-wordpress-plugins.nse script that now
outputs the version of the discovered plugins. Installed WordPress plugins
contain a readme.txt that is in a standard form and contains the version
information. This file is simply parsed (only for discovered plugins) and
included in the results.

Further to the previously mentioned http-wordpress-themes.nse detection
script (http://seclists.org/nmap-dev/2014/q4/156), I have also included a
similar version check against discovered themes using the theme style.css
file that also contains a version string in standard form.



Cheers,

Peter






--
Regards,

Peter
--------------------------------------------------
Hosted Vulnerability Scanners
Web: https://hackertarget.com/
--------------------------------------------------
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




--
Gyanendra Mishra
CS Sophomore
BITS PILANI, Pilani Campus
email-anomaly.the () gmail com






-- 
Gyanendra Mishra
CS Sophomore
BITS PILANI, Pilani Campus
email-anomaly.the () gmail com

Attachment: http-wordpress-resources.nse
Description:
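
The version check described in the thread (the `Stable tag:` header of a plugin's readme.txt, the `Version:` header of a theme's style.css, each compared with the latest release), as an added standalone Lua example that is not code from the attached script. Function names are hypothetical, the file contents are constructed, and the latest version is passed in rather than fetched from the wordpress.org API.

```lua
-- Added example, not taken from the attached NSE script. Function names are
-- hypothetical and the file contents are constructed.

-- Plugin readme.txt: version is in the "Stable tag:" header.
local function plugin_version(readme)
  local v = readme:match("[Ss]table [Tt]ag:%s*([%w%.%-]+)")
  if v and v:lower() ~= "trunk" then return v end  -- "trunk" pins no release
  return nil
end

-- Theme style.css: version is in the first /* ... */ header comment.
local function theme_version(css)
  local header = css:match("/%*(.-)%*/")
  return header and header:match("[Vv]ersion:%s*([%w%.%-]+)")
end

-- Compare dotted versions field by field as numbers: returns -1, 0 or 1.
-- A plain string compare would rank "1.2" above "1.45".
local function compare_versions(a, b)
  local function fields(v)
    local t = {}
    for n in v:gmatch("%d+") do t[#t + 1] = tonumber(n) end
    return t
  end
  local fa, fb = fields(a), fields(b)
  for i = 1, math.max(#fa, #fb) do
    local x, y = fa[i] or 0, fb[i] or 0
    if x ~= y then return x < y and -1 or 1 end
  end
  return 0
end

-- One output line per resource; the "[outdated]" marker is an addition here.
local function report(name, installed, latest)
  if not installed then return name .. " (version not disclosed)" end
  local line = ("%s %s (latest version: %s)"):format(name, installed, latest)
  if compare_versions(installed, latest) < 0 then line = line .. " [outdated]" end
  return line
end

local readme = "=== WP to Twitter ===\nTested up to: 4.1\nStable tag: 1.2\n"
local css = "/*\nTheme Name: Example Theme\nVersion: 1.1\n*/\nbody { margin: 0 }\n"

-- "Latest" values are passed in here; the script in the thread gets them from the API.
print(report("wp-to-twitter", plugin_version(readme), "1.45"))
print(report("example-theme", theme_version(css), "1.1"))
print(report("no-readme-plugin", plugin_version("Stable tag: trunk"), "2.0"))
```

Only the numeric fields are compared, so suffixes such as `-beta` are ignored.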
