Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Djalal Harouni <tixxdz () opendz org>
Date: Fri, 29 Apr 2011 00:43:42 +0100

Just some random ideas.

On 2011-03-14 18:30:38 +0100, Henri Doreau wrote:
2011/3/14 Gutek <ange.gutek () gmail com>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ron,
Indeed, that was my first intention : I was actually looking for new
fingerprints for it :)
But I kickly realized the potential huge amount of queries, later
confirmed by a quick while-http.get()-end on the plugins list : it took
an hour or so and http.pipeline doesn't help much.
Then, considering the amount of fingerprints already tested by
http-enum, it sounds me a very long scan for someone who just want to
deal with a wordpress blog (or, who does'nt care about wp).
Hi,

retrieving the wordpress plugins list is a good idea!!
We can add some NSE code or a script to retrieve and update the plugins
list, a script that will let users to _control_ and update the
fingerprints.
Actually I think that this should be done by an update handler function,
which will be part of a framework. Nmap update feed system can also call
and use these handlers.

We should also offer a way to users to contribute http fingerprints as
it is done with the OS fingerprints. Users should send them to nmap-dev.

I am wondering whether we could improve http-enum and/or the
fingerprint database to implement a smarter system.

I don't know how hard to implement and desirable that would be but
some paths might activate the detection of other ones (that would have
been skipped otherwise). This way we could avoid to do a complete
plugins research in case we have no wordpress installation detected
for instance.

I am not comfortable with http-enum internals, but I can imagine
something like adding a callback to the fingerprints table, to be
executed when an associated path is detected as valid.
I'll try to look at http-enum (sorry perhaps I'm missing something), but
I can tell that yes a smarter _modular_ system is the key, this way for
each task we just add a handler, which of course can be a small function
or a NSE script :)

We can do the same for the vulnerability detection system.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]