[NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Gutek <ange.gutek () gmail com>
Date: Sun, 13 Mar 2011 15:34:00 +0100
With 2.4M downloads and counting
(http://wordpress.org/download/counter/), Wordpress definitely
deserves its script.
When it comes to security, a CMS is less vulnerable itself than its
(numerous) third-party plugins and Wordpress has more than 13.000.
This script tries to list those probably installed on a given blog by
brute forcing the wp-content directory. The dictionary it uses has the
13.405 existing plugins to date, sorted by popularity. Although Nmap does
its best to parallelize the queries, it could take an hour to test them
all so by default the script will just test the 100 most popular ones.
Of course, an option is provided so that the user can tweak this from
any number to all.
Another option allows manually specifying a path to the blog from the
website root. Because it's quite common that the blog service of a
website would not be at its root, the script also tries itself to find
its path through wordpress, even if not user-specified.
Sample output:
-- Interesting ports on my.woot.blog (18.104.22.168):
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-wp-plugins: (search amongst the 500 most popular plugins, use --script-arg http-wp-plugins.search=<number|all> for deeper
-- |_akismet, wp-db-backup, all-in-one-seo-pack, stats, wp-to-twitter
With the hope someone considers it useful,
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
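Seen from the server side, the dictionary probing of wp-content described in the message above shows up as one client requesting many distinct plugin directories and mostly getting 404s. The following detection sketch is an added example, not part of the original post or of the NSE script; the combined log format, the thresholds, the function names and the constructed sample log lines are all assumptions.

```python
import re
from collections import defaultdict

# Combined-log-format fields needed: client IP, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Plugin directory under any blog path ("/", "/blog/", ...), since the
# blog is often not at the web root.
PLUGIN_RE = re.compile(r'/wp-content/plugins/([A-Za-z0-9._-]+)')

def find_plugin_enumeration(lines, min_slugs=20, min_miss_ratio=0.8):
    """Return {ip: (distinct_slugs, miss_ratio)} for clients that requested
    many distinct plugin directories and got 404 for most of them."""
    probed = defaultdict(set)   # ip -> every plugin slug requested
    missed = defaultdict(set)   # ip -> slugs answered with 404
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # not an access-log line we understand
        ip, path, status = m.groups()
        p = PLUGIN_RE.search(path)
        if not p:
            continue
        probed[ip].add(p.group(1))
        if status == "404":
            missed[ip].add(p.group(1))
    flagged = {}
    for ip, slugs in probed.items():
        ratio = len(missed[ip]) / len(slugs)
        if len(slugs) >= min_slugs and ratio >= min_miss_ratio:
            flagged[ip] = (len(slugs), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed sample: one scanner and one ordinary visitor."""
    fmt = '{ip} - - [13/Mar/2011:15:40:{s:02d} +0100] "GET {p} HTTP/1.1" {st} 312 "-" "-"'
    lines = []
    for i in range(30):         # scanner: 30 slugs probed, only 3 installed
        lines.append(fmt.format(ip="203.0.113.7", s=i, st=200 if i < 3 else 404,
                                p=f"/blog/wp-content/plugins/plugin-{i}/"))
    visitor = ["/blog/", "/blog/wp-content/plugins/plugin-0/style.css",
               "/blog/wp-content/plugins/plugin-1/js/a.js"]
    for i, p in enumerate(visitor):   # visitor: assets of installed plugins
        lines.append(fmt.format(ip="198.51.100.20", s=40 + i, st=200, p=p))
    return lines

if __name__ == "__main__":
    for ip, (count, ratio) in find_plugin_enumeration(sample_log()).items():
        print(f"{ip}: {count} plugin directories probed, {ratio:.0%} not found")
```

Counting distinct slugs rather than raw requests keeps a visitor who loads many assets from a few installed plugins below the threshold.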