Script http-wordpress-enum

Script types: portrule
Categories: discovery, intrusive

Script Summary

Enumerates themes and plugins of WordPress installations. The script can also detect outdated plugins by comparing version numbers with information pulled from

The script works with two separate databases for themes (wp-themes.lst) and plugins (wp-plugins.lst). The databases are sorted by popularity and the script will search only the top 100 entries by default. The theme database has around 32,000 entries while the plugin database has around 14,000 entries.

The script determines the version number of a plugin by looking at the readme.txt file inside the plugin directory and it uses the file style.css inside a theme directory to determine the theme version. If the script argument check-latest is set to true, the script will query to obtain the latest version number available. This check is disabled by default since it queries an external service.
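As an added example (not the script's own Lua code), the following Python shows the two lookups described above: parsing a plugin's readme.txt and a theme's style.css for a version string and comparing it against a known latest version. The sample file contents are constructed, and the "Stable tag:" and "Version:" header fields are assumed from WordPress's packaging conventions rather than taken from this page.

```python
import re
from typing import Optional, Tuple

# Constructed sample files, standing in for what a scanner would fetch from
# <root>/wp-content/plugins/<slug>/readme.txt and
# <root>/wp-content/themes/<slug>/style.css.
SAMPLE_PLUGIN_README = """=== Better WP Security ===
Contributors: example
Requires at least: 3.5
Tested up to: 4.1
Stable tag: 4.6.4
License: GPLv2
"""

SAMPLE_THEME_CSS = """/*
Theme Name: Twenty Fourteen
Theme URI: https://wordpress.org/themes/twentyfourteen
Version: 1.3
*/
"""

# Assumed from WordPress.org packaging conventions: a plugin readme.txt carries
# "Stable tag: X.Y.Z" and a theme's style.css header carries "Version: X.Y".
# These patterns are this example's own, not the NSE script's code. A value
# that does not start with a digit (e.g. "Stable tag: trunk") is not a version.
PLUGIN_VERSION_RE = re.compile(r"^\s*Stable tag:\s*([0-9][0-9A-Za-z.\-]*)\s*$", re.M | re.I)
THEME_VERSION_RE = re.compile(r"^\s*Version:\s*([0-9][0-9A-Za-z.\-]*)\s*$", re.M | re.I)


def plugin_version(readme_txt: str) -> Optional[str]:
    """Stable tag of a plugin readme, or None if absent (the empty version
    shown for all-in-one-seo-pack in the sample output is this case)."""
    m = PLUGIN_VERSION_RE.search(readme_txt)
    return m.group(1) if m else None


def theme_version(style_css: str) -> Optional[str]:
    """Version from a theme's style.css header, or None."""
    m = THEME_VERSION_RE.search(style_css)
    return m.group(1) if m else None


def version_key(v: str) -> Tuple[int, ...]:
    """'4.6.4' -> (4, 6, 4); non-numeric parts such as 'beta' compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v))


def is_outdated(installed: Optional[str], latest: Optional[str]) -> Optional[bool]:
    """True when installed < latest; None when either side is unknown, so a
    missing or unparsable version is never reported as up to date."""
    if not installed or not latest:
        return None
    return version_key(installed) < version_key(latest)
```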

This script is a combination of http-wordpress-plugins.nse and http-wordpress-themes.nse originally submitted by Ange Gutek and Peter Hill.

TODO: Implement version checking for themes.

See also:

Script Arguments

type
  Search type. Available options: plugins, themes or all. Default: all.

search-limit
  Number of entries or the string "all". Default: 100.

  Base path. By default the script will try to find a WP directory installation or fall back to '/'.

check-latest
  Retrieves latest plugin version information from Default: false.

See the documentation for the slaxml library.

http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

  • nmap -sV --script http-wordpress-enum <target>
  • nmap --script http-wordpress-enum --script-args check-latest=true,search-limit=10 <target>
  • nmap --script http-wordpress-enum --script-args type="themes" <target>

Script Output

80/tcp open  http
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
|   plugins
|     akismet
|     contact-form-7 4.1 (latest version:4.1)
|     all-in-one-seo-pack  (latest version:
|     google-sitemap-generator (latest version:4.0.8)
|     jetpack 3.3 (latest version:3.3)
|     wordfence 5.3.6 (latest version:5.3.6)
|     better-wp-security 4.6.4 (latest version:4.6.6)
|     google-analytics-for-wordpress 5.3 (latest version:5.3)
|   themes
|     twentytwelve
|_    twentyfourteen

Authors

  • Ange Gutek
  • Peter Hill
  • Gyanendra Mishra
  • Paulino Calderon

License: Same as Nmap--See