Script http-wordpress-enum
Script types: portrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/http-wordpress-enum.nse
Script Summary
Enumerates themes and plugins of WordPress installations. The script can also detect outdated plugins by comparing version numbers with information pulled from api.wordpress.org.
The script works with two separate databases for themes (wp-themes.lst) and plugins (wp-plugins.lst). The databases are sorted by popularity and the script will search only the top 100 entries by default. The theme database has around 32,000 entries while the plugin database has around 14,000 entries.
The script determines the version number of a plugin by looking at the readme.txt file inside the plugin directory and it uses the file style.css inside a theme directory to determine the theme version. If the script argument check-latest is set to true, the script will query api.wordpress.org to obtain the latest version number available. This check is disabled by default since it queries an external service.
This script is a combination of http-wordpress-plugins.nse and http-wordpress-themes.nse originally submitted by Ange Gutek and Peter Hill.
TODO: Implement version checking for themes.
See also:
Script Arguments
- http-wordpress-enum.type
Search type. Available options: plugins, themes or all. Default: all.
- http-wordpress-enum.search-limit
Number of entries or the string "all". Default: 100.
- http-wordpress-enum.root
Base path. By default the script will try to find a WP directory installation or fall back to '/'.
- http-wordpress-enum.check-latest
Retrieves latest plugin version information from wordpress.org. Default: false.
- slaxml.debug
See the documentation for the slaxml library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap -sV --script http-wordpress-enum <target>
nmap --script http-wordpress-enum --script-args check-latest=true,search-limit=10 <target>
nmap --script http-wordpress-enum --script-args type="themes" <target>
Script Output
PORT   STATE SERVICE
80/tcp open  http
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
|   plugins
|     akismet
|     contact-form-7 4.1 (latest version:4.1)
|     all-in-one-seo-pack (latest version:2.2.5.1)
|     google-sitemap-generator 4.0.7.1 (latest version:4.0.8)
|     jetpack 3.3 (latest version:3.3)
|     wordfence 5.3.6 (latest version:5.3.6)
|     better-wp-security 4.6.4 (latest version:4.6.6)
|     google-analytics-for-wordpress 5.3 (latest version:5.3)
|   themes
|     twentytwelve
|_    twentyfourteen
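For patch triage on your own sites, the output above can be post-processed to list plugins whose detected version is older than the reported latest one, and plugins that were found but whose version could not be read. This is an added example, not part of the Nmap script or its documentation; the function names are illustrative and the sample is an excerpt of the output shown above.

```python
import re

# Excerpt of the Script Output shown on this page (run with check-latest=true).
SAMPLE = """\
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
|   plugins
|     akismet
|     contact-form-7 4.1 (latest version:4.1)
|     all-in-one-seo-pack (latest version:2.2.5.1)
|     google-sitemap-generator 4.0.7.1 (latest version:4.0.8)
|     wordfence 5.3.6 (latest version:5.3.6)
|     better-wp-security 4.6.4 (latest version:4.6.6)
|   themes
|     twentytwelve
|_    twentyfourteen
"""

# name, optional installed version, optional "(latest version:X)" suffix
ENTRY = re.compile(r"^(?P<name>[\w.-]+)(?:\s+(?P<installed>\d[\w.-]*))?"
                   r"(?:\s+\(latest version:(?P<latest>[^)]+)\))?$")

def parse_wp_enum(output):
    """Return {"plugins": [...], "themes": [...]} of (name, installed, latest)."""
    found, section = {"plugins": [], "themes": []}, None
    for raw in output.splitlines():
        line = re.sub(r"^\|_?", "", raw).strip()  # drop Nmap's "|" / "|_" gutter
        if line in found:
            section = line
            continue
        m = ENTRY.match(line)
        if section and m:
            found[section].append((m["name"], m["installed"], m["latest"]))
    return found

def version_key(v):
    """Numeric key, ignoring trailing ".0" parts: "4.0.7.1" -> (4, 0, 7, 1)."""
    return tuple(int(n) for n in re.findall(r"\d+", re.sub(r"(\.0+)+$", "", v)))

def outdated(entries):
    """Entries whose detected version is older than the reported latest."""
    return [e for e in entries
            if e[1] and e[2] and version_key(e[1]) < version_key(e[2])]

def unversioned(entries):
    """Names that were found but whose installed version could not be read."""
    return [e[0] for e in entries if e[1] is None]
```

Entries returned by `unversioned` still need a manual check: the plugin directory exists, but the script could not read a version for it, so its patch level is unknown.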
Requires
Authors:
License: Same as Nmap--See https://nmap.org/book/man-legal.html