Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Ron <ron () skullsecurity net>
Date: Sun, 13 Mar 2011 22:56:37 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

I haven't really looked at this code, but I'm wondering if it could be integrated into http-enum.nse? All http-enum 
really does is iterate over a list of probes and look for expected results. The probes (defined, by default, in 
http-fingerprints.lua) are a table. The table can be hardcoded, generated, read from a file, etc. 

Like I said, I only read your email, not the script itself, so I may be completely wrong about what you're doing. 

Thanks! 

Ron

On Sun, 13 Mar 2011 15:34:00 +0100 Gutek <ange.gutek () gmail com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

With 2.4M downloads and counting
(http://wordpress.org/download/counter/), Wordpress definitively
deserves its script.
When it comes to security, a CMS is less vulnerable itself than its
(numerous) third-party plugins and Wordpress has more than 13.000.

This script tries to list those probably installed on a given blog by
brute forcing the wp-content directory. The dictionnary it uses has
the 13.405 existing plugins to date, sorted by popularity. Despite
Nmap does its best to parallelize the queries, it could take an hour
to test them all so by default the script will just test the 100 most
popular ones. Of course, an option is provided so that the user can
tweak this from any number to all.

Another option allows to manualy specify a path to the blog from the
website root. Because it's quite common that the blog service of a
website would not be at its root, the script also tries itself to find
its path through wordpress, even if not user-specified.

Sample output :
- - -- Interesting ports on my.woot.blog (123.123.123.123):
- - -- PORT   STATE SERVICE REASON
- - -- 80/tcp open  http    syn-ack
- - -- | http-wp-plugins: (search amongst the 500 most popular
plugins, use --script-arg http-wp-plugins.search=&lt;number|all&gt;
for deeper analysis)
- - -- |_akismet, wp-db-backup, all-in-one-seo-pack, stats,
wp-to-twitter

With the hope someone considers it usefull,

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk181dcACgkQ3aDTTO0ha7gQQACdH3XPu63zQ5AH3jJpXfhCzRfT
VT4AnjRfDwjF1odSQVswFx+Eu1NkMQNR
=WmOK
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk19kfUACgkQ2t2zxlt4g/Q9ZgCgipubvPNQWPy2OxUBeQIWvrRP
BVYAn2ECr0Y0ZPRbnymGWB2//w8JaLAj
=VUox
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault