Nmap Development mailing list archives

Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: David Fifield <david () bamsoftware com>
Date: Wed, 27 Apr 2011 20:27:25 -0700

On Mon, Mar 14, 2011 at 06:41:02AM +0100, Gutek wrote:
> On 14/03/2011 04:56, Ron wrote:
> > Hey,
> >
> > I haven't really looked at this code, but I'm wondering if it could be integrated into http-enum.nse? All http-enum
> > really does is iterate over a list of probes and look for expected results. The probes (defined, by default, in
> > http-fingerprints.lua) are a table. The table can be hardcoded, generated, read from a file, etc.
> >
> > Like I said, I only read your email, not the script itself, so I may be completely wrong about what you're doing.
> >
> > Thanks!
> >
> > Ron
>
> Hi Ron,
> Indeed, that was my first intention: I was actually looking for new
> fingerprints for it :)
> But I quickly realized the potentially huge number of queries, later
> confirmed by a quick while-http.get()-end over the plugins list: it took
> an hour or so, and http.pipeline doesn't help much.
> Then, considering the number of fingerprints already tested by
> http-enum, it sounds to me like a very long scan for someone who just wants to
> deal with a WordPress blog (or who doesn't care about WP).
> Creating a WordPress category and using http-enum.category would fix it,
> but I've planned to later add a plugin version vs. known threats comparison.
>
> Anyway, for those reasons I decided to make a separate script, with some
> more options than the brute-force part (like the ability to find its
> own path to the WordPress directory).
>
> But if simpler is better and the need for a separate specialized script
> is not obvious, feel free to consider adding the plugins.lst content to
> the fingerprints database.

I think I agree that this would be better done as part of an adaptive,
general http-enum algorithm. But WordPress is enough of a special case
that we can add this specialized script, I think.

By the way, how did you get the database sorted by popularity?

Would one of the NSE mentors or other developers take a look at this
script and commit it if there are no problems?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
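Ron's point above is that http-enum only walks a table of probes, so a plugin list could be turned into fingerprint entries instead of living in a separate script. The following Lua is an added illustration of that idea, not code from this thread, from http-wp-plugins, or from Nmap itself. It assumes the entry layout used by http-fingerprints.lua (a `category`, a list of `probes` with `path`/`method`, and a list of `matches` with `match`/`output`), assumes an empty `match` pattern means "any interesting status code is a hit", and uses a constructed three-slug plugin list in place of the real plugins.lst; the `wp_plugin_fingerprints` helper and the `"wordpress"` category name are hypothetical.

```lua
-- Added example: generate http-enum fingerprint entries for WordPress
-- plugin directories from a slug list, so http-enum's existing probe loop
-- does the enumeration. Not part of Nmap or of http-wp-plugins.
--
-- Assumptions (not confirmed by the thread):
--   * entry layout matches http-fingerprints.lua: category/probes/matches
--   * an empty `match` pattern counts any "interesting" status as a hit
--   * `fingerprints` is the table http-fingerprints.lua populates

-- Constructed sample list. In practice, read one slug per line from
-- plugins.lst (see read_slugs below).
local sample_slugs = {
  "akismet",
  "contact-form-7",
  "wordpress-seo",
}

-- Read one plugin slug per line from a file, skipping blanks and comments.
-- Returns nil and an error message if the file cannot be opened.
local function read_slugs(path)
  local f, err = io.open(path, "r")
  if not f then return nil, err end
  local slugs = {}
  for line in f:lines() do
    line = line:match("^%s*(.-)%s*$")          -- trim whitespace
    if line ~= "" and line:sub(1, 1) ~= "#" then
      table.insert(slugs, line)
    end
  end
  f:close()
  return slugs
end

-- Build fingerprint entries in the assumed http-fingerprints.lua shape.
-- `base` is the plugin directory relative to the WordPress root; the
-- default is the stock location, which a relocated install would change.
local function wp_plugin_fingerprints(slugs, base)
  base = base or "/wp-content/plugins/"
  local entries = {}
  for _, slug in ipairs(slugs) do
    table.insert(entries, {
      -- A dedicated category lets a caller limit the run with
      -- --script-args http-enum.category=wordpress instead of paying
      -- for every fingerprint in the database (Gutek's concern above).
      category = "wordpress",
      probes = {
        -- HEAD keeps each probe cheap. A present plugin directory
        -- typically answers 200 or 403 (exists, listing denied); an
        -- absent one answers 404, which http-enum does not report.
        { path = base .. slug .. "/", method = "HEAD" },
      },
      matches = {
        { match = "", output = "WordPress plugin: " .. slug },
      },
    })
  end
  return entries
end

-- Usage: append the generated entries to the global table that
-- http-fingerprints.lua fills. Guarded so this file also runs stand-alone.
fingerprints = fingerprints or {}
local slugs = read_slugs("plugins.lst") or sample_slugs
for _, fp in ipairs(wp_plugin_fingerprints(slugs)) do
  table.insert(fingerprints, fp)
end

-- Stand-alone check: print what was generated.
for _, fp in ipairs(fingerprints) do
  print(fp.probes[1].method, fp.probes[1].path, "->", fp.matches[1].output)
end
```

The cost Gutek measured does not go away with this approach: one probe per plugin is still one request per plugin, and a long list stays a long scan. What the table form buys is that http-enum's request handling, status filtering and category selection are reused, and the list can be narrowed (for example to the most popular plugins first, which is why David asks how the list was sorted) without touching script logic.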
