Nmap Development mailing list archives
Re: WordPress Plugins and Themes NSE tweaks
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Thu, 29 Jan 2015 01:24:42 +0530
Hi Peter, I have merged the two. It doesn't check for the latest plugin by default you have to add http-wordpress-combo.apicheck="true" for the same. The script is working fine for me. Please check if it is working properly for you too. Regards, Gyanendra On Wed, Jan 28, 2015 at 6:21 PM, Gyanendra Mishra <anomaly.the () gmail com> wrote:
Hi Peter, I'll try implementing these changes in the combined script.Hope to post an update soon. Regards, Gyanendra Mishra Hello, I have another update to the http-wordpress-plugins.nse that now not only gets the version of the currently installed plugin but will also query the wordpress.org API to get the latest version. Here is a sample of the output (the API call can be disabled with a --script-arg). Interesting ports on my.woot.blog (123.123.123.123): PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-wordpress-plugins: | search amongst the 500 most popular plugins | akismet 3.0.4 (latest version: 3.0.4) | wordpress-seo 1.7 (latest version: 1.7.1) | disqus-comment-system 2.83 (latest version: 2.84) |_ wp-to-twitter 1.2 (latest version: 1.45) Hopefully someone will find this helpful, this is an easy way to find WordPress installs that are not being maintained and likely vulnerable. My latest updates to the scripts can be found here -> https://github.com/peter-hackertarget/nmap-nse-scripts On Thu, Jan 15, 2015 at 10:59 PM, peter () hackertarget com <peter () hackertarget com> wrote:Hello, I have implemented a tweak to the http-wordpress-plugins.nse script thatnowoutputs the version of the discovered plugins. Installed WordPresspluginscontain a readme.txt that is in a standard form and contains the version information. This file is simply parsed (only for discovered plugins) and included in the results. Further to the previously mentioned http-wordpress-themes.nse detection script (http://seclists.org/nmap-dev/2014/q4/156), I have also includedasimilar version check against discovered themes using the theme style.css file that also contains a version string in standard form. Cheers, Peter-- Regards, Peter -------------------------------------------------- Hosted Vulnerability Scanners Web: https://hackertarget.com/ -------------------------------------------------- _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
-- Gyanendra Mishra CS Sophomore BITS PILANI, Pilani Campus email-anomaly.the () gmail com
Attachment:
http-wordpress-combo.nse
Description:
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 15)
- Re: WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 29)
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 28)
- Re: WordPress Plugins and Themes NSE tweaks peter () hackertarget com (Jan 28)
- <Possible follow-ups>
- Re: WordPress Plugins and Themes NSE tweaks Gyanendra Mishra (Jan 29)
- Re: WordPress Plugins and Themes NSE tweaks Paulino Calderon Pale (Feb 08)