Nmap Development mailing list archives
Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: David Fifield <david () bamsoftware com>
Date: Wed, 27 Apr 2011 20:27:25 -0700
On Mon, Mar 14, 2011 at 06:41:02AM +0100, Gutek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 14/03/2011 04:56, Ron wrote:
> > Hey,
> > I haven't really looked at this code, but I'm wondering if it could be integrated into http-enum.nse? All http-enum really does is iterate over a list of probes and look for expected results. The probes (defined, by default, in http-fingerprints.lua) are a table. The table can be hardcoded, generated, read from a file, etc.
> > Like I said, I only read your email, not the script itself, so I may be completely wrong about what you're doing.
> > Thanks!
> > Ron
>
> Hi Ron,
> Indeed, that was my first intention: I was actually looking for new fingerprints for it :)
> But I quickly realized the potentially huge amount of queries, later confirmed by a quick while-http.get()-end on the plugins list: it took an hour or so, and http.pipeline doesn't help much. Then, considering the amount of fingerprints already tested by http-enum, it sounds to me like a very long scan for someone who just wants to deal with a WordPress blog (or who doesn't care about WP).
> Creating a WordPress category and using http-enum.category would fix it, but I've planned to later add a plugin version vs. known threats comparison.
> Anyway, for those reasons I decided to make a separate script, with some more options than the brute-force part (like the ability to find its own way to the WordPress directory). But if simpler is better and the need for a separate specialized script is not obvious, feel free to consider and add the plugins.lst content to the fingerprints database.
I think I agree that this would be better done as part of an adaptive, general http-enum algorithm. But WordPress is enough of a special case that we can add this specialized script, I think.

By the way, how did you get the database sorted by popularity?

Would one of the NSE mentors or other developers take a look at this script and commit it if there are no problems?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
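For readers weighing the two designs discussed above, here is what Gutek's fallback option (feeding the plugins.lst content into the http-enum fingerprint database) would look like in practice. This is an added example, not code from the thread, the http-wp-plugins script or the Nmap tree. It assumes the http-fingerprints.lua table layout of the time (entries with `category`, `probes` and `matches`), a plain-text `plugins.lst` with one plugin slug per line sorted by popularity, and the plugin-directory convention that each plugin ships a `readme.txt` containing a `Stable tag:` line; the three slugs embedded as a fallback are a constructed sample, and the `wordpress` category name is an assumption.

```lua
-- Added example (not from the thread or the Nmap tree): turn a plugin list
-- into http-enum fingerprint entries. Because the full list means one
-- request per plugin (the hour-long run mentioned in the thread), the
-- generator takes a cap so only the most popular slugs become probes.

-- Constructed sample standing in for plugins.lst (most popular first).
local sample_list = [[
akismet
contact-form-7
all-in-one-seo-pack
]]

-- Read plugin slugs from a file if it is present, otherwise use the sample.
-- Blank lines and '#' comments are skipped; surrounding whitespace trimmed.
local function read_slugs(path)
  local src = sample_list
  local fh = path and io.open(path, "r")
  if fh then
    src = fh:read("*a")
    fh:close()
  end
  local slugs = {}
  for line in src:gmatch("[^\r\n]+") do
    line = line:match("^%s*(.-)%s*$")
    if line ~= "" and not line:match("^#") then
      slugs[#slugs + 1] = line
    end
  end
  return slugs
end

-- Build one fingerprint per plugin (at most max_probes of them). The probe
-- fetches the plugin's readme.txt; matching on "Stable tag:" instead of an
-- empty pattern avoids counting soft-404 pages or directory listings as
-- hits, and the same line is where a later version check would read from.
local function wp_plugin_fingerprints(slugs, max_probes)
  local fps = {}
  for i, slug in ipairs(slugs) do
    if max_probes and i > max_probes then break end
    fps[#fps + 1] = {
      category = "wordpress",               -- assumed category name
      probes = {
        { path = "/wp-content/plugins/" .. slug .. "/readme.txt",
          method = "GET" },
      },
      matches = {
        { match = "Stable tag:", output = "WordPress plugin: " .. slug },
      },
    }
  end
  return fps
end

-- Usage inside a fingerprint file: append the generated entries to the
-- global 'fingerprints' table that http-enum loads. Limiting to the top
-- 100 slugs keeps the added cost to ~100 requests per web server.
fingerprints = fingerprints or {}
for _, fp in ipairs(wp_plugin_fingerprints(read_slugs("plugins.lst"), 100)) do
  table.insert(fingerprints, fp)
end
```

With the entries under their own category, `--script-args http-enum.category=wordpress` would restrict a run to these probes, which addresses the "long scan for someone who doesn't care about WP" concern; what it does not give you is the path auto-discovery Gutek built into the separate script, since http-enum probes relative to the base path it is given.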
Current thread:
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins David Fifield (Apr 27)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins David Fifield (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Apr 29)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins David Fifield (Apr 29)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (May 11)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Apr 28)
- <Possible follow-ups>
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Djalal Harouni (Apr 28)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Djalal Harouni (Apr 28)
