Nmap Development mailing list archives
Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins
From: Gutek <ange.gutek () gmail com>
Date: Mon, 14 Mar 2011 06:41:02 +0100
On 14/03/2011 04:56, Ron wrote:

Hey,

I haven't really looked at this code, but I'm wondering if it could be integrated into http-enum.nse? All http-enum really does is iterate over a list of probes and look for expected results. The probes (defined, by default, in http-fingerprints.lua) are a table. The table can be hardcoded, generated, read from a file, etc.

Like I said, I only read your email, not the script itself, so I may be completely wrong about what you're doing.

Thanks!
Ron

Hi Ron,

Indeed, that was my first intention: I was actually looking for new fingerprints for it :) But I quickly realized the potentially huge number of queries, later confirmed by a quick while-http.get()-end on the plugins list: it took an hour or so, and http.pipeline doesn't help much. Then, considering the number of fingerprints already tested by http-enum, it sounds to me like a very long scan for someone who just wants to deal with a wordpress blog (or who doesn't care about wp).

Creating a Wordpress category and using http-enum.category would fix it, but I've planned to later add a plugin version vs. known threats comparison.

Anyway, for those reasons I decided to make a separate script, with some more options than the brute force part (like the ability to find the path to the wordpress directory on its own).

But if simpler is better and the need for a separate specialized script is not obvious, feel free to consider and add the plugins.lst content to the fingerprints database.

Thanks for your comment!

A.G.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Mar 13)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Ron (Mar 13)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Mar 13)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Henri Doreau (Mar 14)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Gutek (Mar 13)
- Re: [NSE] http-wp-plugins, retrieve installed Wordpress plugins Ron (Mar 13)