Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-wordpress-enum

Script types: portrule
Categories: auth, intrusive, vuln
Download: http://nmap.org/svn/scripts/http-wordpress-enum.nse

User Summary

Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others.

Original advisory:

Script Arguments

http-wordpress-enum.limit

Upper limit for ID search. Default: 25

http-wordpress-enum.out

If set it saves the username list in this file.

http-wordpress-enum.basepath

Base path to Wordpress. Default: /

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-wordpress-enum <target>
nmap -sV --script http-wordpress-enum --script-args limit=50 <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-wordpress-enum:
| Username found: admin
| Username found: mauricio
| Username found: cesar
| Username found: lean
| Username found: alex
| Username found: ricardo
|_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-enum.limit'

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

  • host:
  • port:

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault