WebApp Sec mailing list archives

RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner


From: "Chris Weber" <chris () casabasecurity com>
Date: Mon, 20 Jun 2011 09:49:38 -0700

Ryan - Am I correct that the two methods you use for identifying the WP
version are:

a) Parse the readme.html file for the version number
b) Parse the meta tag generator content for the WP version number

In the case where both of these failed, what do you do?  Does Seth's plan of
comparing hashes of the js/css/other files sound like it would work?

-Chris


-----Original Message-----
From: websecurity-bounces () lists webappsec org
[mailto:websecurity-bounces () lists webappsec org] On Behalf Of seth
Sent: Sunday, June 19, 2011 12:14 AM
To: ryandewhurst () gmail com
Cc: webappsec () securityfocus com; websecurity () webappsec org
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

I have started a wp scanner but lost the files before finishing and never
started again. It had three ways of identifying the version:
Generator meta tag
Readme file (you already download it, and the only valuable information I
  see is the version number. Why not show it?)
Downloading some javascript, css, images, etc. Then comparing the hashes of
  these files against an array that was like [file][hash]=>version
Hope it's useful
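
The three checks discussed in this thread, as an added example that is not code from WPScan or from either poster: it runs offline over responses you have already collected from your own site and reports which signals still disclose a version, including the [file][hash]=>version lookup when the meta tag and readme are gone. The function names, the regular expressions for the two markup patterns, and all sample paths, contents and version numbers are assumptions constructed for the demonstration.

```python
import hashlib
import re

# Constructed reference files: contents, path and versions are made up.
SAMPLE_FILES = {
    "3.1.3": {"wp-includes/js/example.js": b"/* example build A */"},
    "3.1.2": {"wp-includes/js/example.js": b"/* example build B */"},
}

# Assumed markup patterns for the generator tag and the readme heading.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+(\d+(?:\.\d+)+)',
    re.I)
README_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)", re.I)


def build_hash_table(files_by_version):
    """Build the [file][hash] => version lookup from known-good copies."""
    table = {}
    for version, files in files_by_version.items():
        for path, body in files.items():
            table.setdefault(path, {})[hashlib.sha256(body).hexdigest()] = version
    return table


def version_disclosures(home_html, readme_html, static_files, table):
    """Return {method: version} for each signal that still reveals a version."""
    found = {}
    match = GENERATOR_RE.search(home_html or "")
    if match:
        found["generator_meta"] = match.group(1)
    match = README_RE.search(readme_html or "")
    if match:
        found["readme"] = match.group(1)
    for path, body in (static_files or {}).items():
        digest = hashlib.sha256(body).hexdigest()
        version = table.get(path, {}).get(digest)
        if version:
            found["file_hash"] = version
            break
    return found


if __name__ == "__main__":
    table = build_hash_table(SAMPLE_FILES)
    # Constructed responses from a site with the meta tag and readme removed.
    served = {"wp-includes/js/example.js": b"/* example build B */"}
    print(version_disclosures("<html><head></head></html>", None, served, table))
```

A file that is byte-identical across several releases maps to only one of them in this table, so a fuller lookup would store a set of versions per hash and intersect the sets across files.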




