Nmap Development mailing list archives

[NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Gutek <ange.gutek () gmail com>
Date: Sun, 13 Mar 2011 15:34:00 +0100


Hi,

With 2.4M downloads and counting
(http://wordpress.org/download/counter/), Wordpress definitively
deserves its script.
When it comes to security, a CMS is less vulnerable itself than its
(numerous) third-party plugins and Wordpress has more than 13.000.

This script tries to list those probably installed on a given blog by
brute forcing the wp-content directory. The dictionary it uses has the
13.405 existing plugins to date, sorted by popularity. Although Nmap does
its best to parallelize the queries, it could take an hour to test them
all, so by default the script will just test the 100 most popular ones.
Of course, an option is provided so that the user can tweak this from
any number to all.

Another option allows manually specifying a path to the blog from the
website root. Because it's quite common that the blog service of a
website would not be at its root, the script also tries itself to find
its path through wordpress, even if not user-specified.

Sample output :
- - -- Interesting ports on my.woot.blog (123.123.123.123):
- - -- PORT   STATE SERVICE REASON
- - -- 80/tcp open  http    syn-ack
- - -- | http-wp-plugins: (search amongst the 500 most popular plugins,
use --script-arg http-wp-plugins.search=<number|all> for deeper
analysis)
- - -- |_akismet, wp-db-backup, all-in-one-seo-pack, stats, wp-to-twitter

With the hope someone considers it useful,

A.G.

Attachment: wp-plugins.lst.tar.gz
Description:

Attachment: http-wp-plugins.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
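
A defender-side view of the dictionary scan described in the message, as an added example that is not part of the original post or of the attached script: it flags clients in a web access log that request many distinct plugin directories, including when the blog sits under a path prefix. It assumes the probes are requests for directories under `wp-content/plugins/` and that absent plugins return 404; the function name, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format; only client, path and status are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# A request for a plugin *directory*, with an optional blog prefix (/blog, /site/news).
# Deeper paths (plugin CSS/JS) are ordinary page loads and do not match.
PLUGIN_RE = re.compile(r'^(?P<prefix>(?:/[^/?#]+)*?)/wp-content/plugins/(?P<plugin>[^/?#]+)/?(?:\?.*)?$')

def find_plugin_enumeration(lines, min_distinct=5, min_miss_ratio=0.5):
    """Return {client_ip: summary} for clients that probe many plugin directories."""
    seen = defaultdict(lambda: {"plugins": set(), "prefixes": set(), "total": 0, "misses": 0})
    for line in lines:
        m = LOG_RE.match(line)
        p = PLUGIN_RE.match(m["path"]) if m else None
        if not p:
            continue  # malformed line or not a plugin-directory request
        entry = seen[m["ip"]]
        entry["plugins"].add(p["plugin"].lower())
        entry["prefixes"].add(p["prefix"] or "/")
        entry["total"] += 1
        entry["misses"] += m["status"] == "404"
    flagged = {}
    for ip, e in seen.items():
        ratio = e["misses"] / e["total"]
        if len(e["plugins"]) >= min_distinct and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct": len(e["plugins"]), "miss_ratio": round(ratio, 2),
                           "prefixes": sorted(e["prefixes"])}
    return flagged

# Constructed sample log (documentation IP ranges), not taken from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Mar/2011:15:40:01 +0100] "GET /blog/wp-content/plugins/akismet/ HTTP/1.1" 200 0
203.0.113.7 - - [13/Mar/2011:15:40:01 +0100] "GET /blog/wp-content/plugins/wp-db-backup/ HTTP/1.1" 403 0
203.0.113.7 - - [13/Mar/2011:15:40:01 +0100] "GET /blog/wp-content/plugins/stats/ HTTP/1.1" 404 0
203.0.113.7 - - [13/Mar/2011:15:40:02 +0100] "GET /blog/wp-content/plugins/wp-to-twitter/ HTTP/1.1" 404 0
203.0.113.7 - - [13/Mar/2011:15:40:02 +0100] "GET /blog/wp-content/plugins/all-in-one-seo-pack/ HTTP/1.1" 404 0
203.0.113.7 - - [13/Mar/2011:15:40:02 +0100] "GET /blog/wp-content/plugins/constructed-plugin/ HTTP/1.1" 404 0
198.51.100.20 - - [13/Mar/2011:15:41:10 +0100] "GET /blog/ HTTP/1.1" 200 5120
198.51.100.20 - - [13/Mar/2011:15:41:10 +0100] "GET /blog/wp-content/plugins/akismet/akismet.css HTTP/1.1" 200 812
this line is not a log entry
""".splitlines()

if __name__ == "__main__":
    for ip, info in find_plugin_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The thresholds need tuning per site: a monitoring tool that checks a handful of known plugin directories would look similar at a low `min_distinct`.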
