Nmap Development mailing list archives
Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Henri Doreau <henri.doreau () gmail com>
Date: Mon, 14 Mar 2011 18:30:38 +0100
2011/3/14 Gutek <ange.gutek () gmail com>:
> Hi Ron,
>
> Indeed, that was my first intention: I was actually looking for new fingerprints for it :) But I quickly realized the potential huge amount of queries, later confirmed by a quick while-http.get()-end on the plugins list: it took an hour or so and http.pipeline doesn't help much. Then, considering the amount of fingerprints already tested by http-enum, it sounds to me like a very long scan for someone who just wants to deal with a wordpress blog (or who doesn't care about wp).
Hi, retrieving the wordpress plugins list is a good idea!! I am wondering whether we could improve http-enum and/or the fingerprint database to implement a smarter system. I don't know how hard to implement and how desirable that would be, but some paths might activate the detection of other ones (that would have been skipped otherwise). This way we could avoid doing a complete plugin search in case we have no wordpress installation detected, for instance. I am not comfortable with http-enum internals, but I can imagine something like adding a callback to the fingerprints table, to be executed when an associated path is detected as valid.
> Creating a Wordpress category and using http-enum.category would fix it, but I've planned to later add a plugin version vs. known threats comparison.
A dependencies-aware system would also give the ability to insert entries into the registry, for example to perform vulnerability research against detected applications or modules.
> Anyway, for those reasons I decided to make a separate script, with some more options than the brute force part (like the ability to find the path to the wordpress directory on its own). But if simpler is better and the need for a separate specialized script is not obvious, feel free to consider and add the plugins.lst content to the fingerprints database.
>
> Thanks for your comment!
> A.G.
My 2 cents.

--
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
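The dependency-aware fingerprint table with a detection callback that Henri sketches above, as an added example in plain Lua (not http-enum's own code or data; the `activates`/`on_match` field names, the plugin paths and the stand-in for http.get() are assumptions made for illustration):

```lua
-- Constructed model of a dependency-aware fingerprint table (added example,
-- not http-enum's own code or data; the `activates`/`on_match` fields and
-- the probe stub are assumptions made for illustration).
local fingerprints = {
  {
    path = "/wp-login.php",
    output = "WordPress login page",
    -- Children are probed only after the parent path is confirmed.
    activates = {
      { path = "/wp-content/plugins/akismet/", output = "WP plugin: akismet" },
      { path = "/wp-content/plugins/jetpack/", output = "WP plugin: jetpack" },
    },
    -- Callback run on detection: records the finding for later scripts.
    on_match = function(registry, host)
      registry[host] = registry[host] or {}
      registry[host].wordpress = true
    end,
  },
  { path = "/phpmyadmin/", output = "phpMyAdmin" },
}
-- Stand-in for http.get(): `served` holds the paths the target answers 200 for.
local function make_prober(served)
  return function(_, path) return served[path] and 200 or 404 end
end
-- Walk the table, descending into `activates` only on confirmed parents.
-- Returns findings, the registry and the number of requests issued.
local function enumerate(host, probe, entries, registry, results, stats)
  registry, results = registry or {}, results or {}
  stats = stats or { requests = 0 }
  for _, fp in ipairs(entries) do
    stats.requests = stats.requests + 1
    if probe(host, fp.path) == 200 then
      results[#results + 1] = fp.output
      if fp.on_match then fp.on_match(registry, host) end
      if fp.activates then
        enumerate(host, probe, fp.activates, registry, results, stats)
      end
    end
  end
  return results, registry, stats.requests
end
-- Two constructed targets: a WordPress blog (4 requests, akismet found) and a
-- host without WordPress (plugin paths never requested, so only 2 requests).
local wp = make_prober({ ["/wp-login.php"] = true, ["/wp-content/plugins/akismet/"] = true })
local other = make_prober({ ["/phpmyadmin/"] = true })
for name, probe in pairs({ ["blog.example"] = wp, ["db.example"] = other }) do
  local found, reg, n = enumerate(name, probe, fingerprints)
  print(name, n .. " requests", table.concat(found, "; "), reg[name] and "wordpress=true" or "")
end
```

With the same fingerprint list, the host without WordPress never sees the plugin requests, which is the saving Henri is after.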