mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00

renamed http-wp-enum and http-wp-plugins to http-wordpress-* for consistency with the naming of http-wordpress-brute

fyodor
2011-09-30 05:49:53 +00:00
parent 376238e704
commit d749de55b1
4 changed files with 30 additions and 25 deletions


@@ -168,10 +168,10 @@ o [NSE] Added 27 scripts, bringing the total to 243! You can learn
+ http-wordpress-brute performs brute force password auditing
against Wordpress CMS/blog installations. [Paulino Calderon]
+ http-wp-enum enumerates usernames in Wordpress blog/CMS
installations by exploiting an information disclosure vulnerability
existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and
possibly others. [Paulino Calderon]
+ http-wordpress-enum enumerates usernames in Wordpress blog/CMS
installations by exploiting an information disclosure
vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and
3.2-beta2 and possibly others. [Paulino Calderon]
+ imap-brute performs brute force password auditing against IMAP
servers using either LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 or NTLM
@@ -417,6 +417,10 @@ o [NSE] Added the make_array and make_object functions to our json
o [NSE] The ip-geolocation-ipinfodb now allows you to specify an
IPInfoDB API key using the apikey NSE argument. [Gorjan]
o [NSE] Renamed http-wp-plugins to http-wordpress-plugins script for
consistency with http-wordpress-brute and now
http-wordpress-enum. [Fyodor]
Nmap 5.59BETA1 [2011-06-30]
o [NSE] Added 40 scripts, bringing the total to 217! You can learn


@@ -7,24 +7,24 @@ Original advisory:
---
-- @usage
-- nmap -p80 --script http-wp-enum <target>
-- nmap -sV --script http-wp-enum --script-args limit=50 <target>
-- nmap -p80 --script http-wordpress-enum <target>
-- nmap -sV --script http-wordpress-enum --script-args limit=50 <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-wp-enum:
-- | http-wordpress-enum:
-- | Username found: admin
-- | Username found: mauricio
-- | Username found: cesar
-- | Username found: lean
-- | Username found: alex
-- | Username found: ricardo
-- |_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wp-enum.limit'
-- |_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-enum.limit'
--
-- @args http-wp-enum.limit Upper limit for ID search. Default: 25
-- @args http-wp-enum.basepath Base path to Wordpress. Default: /
-- @args http-wp-enum.out If set it saves the username list in this file.
-- @args http-wordpress-enum.limit Upper limit for ID search. Default: 25
-- @args http-wordpress-enum.basepath Base path to Wordpress. Default: /
-- @args http-wordpress-enum.out If set it saves the username list in this file.
---
author = "Paulino Calderon"
@@ -96,9 +96,9 @@ end
--MAIN
---
action = function(host, port)
local basepath = stdnse.get_script_args("http-wp-enum.basepath") or "/"
local limit = stdnse.get_script_args("http-wp-enum.limit") or 25
local filewrite = stdnse.get_script_args("http-wp-enum.out")
local basepath = stdnse.get_script_args("http-wordpress-enum.basepath") or "/"
local limit = stdnse.get_script_args("http-wordpress-enum.limit") or 25
local filewrite = stdnse.get_script_args("http-wordpress-enum.out")
local output = {""}
local users = {}
--First, we check this is WP
@@ -130,7 +130,7 @@ action = function(host, port)
end
if #output > 1 then
output[#output+1] = string.format("Search stopped at ID #%s. Increase the upper limit if necessary with 'http-wp-enum.limit'", limit)
output[#output+1] = string.format("Search stopped at ID #%s. Increase the upper limit if necessary with 'http-wordpress-enum.limit'", limit)
return stdnse.strjoin("\n", output)
end
end
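Review bot: Old `http-wp-enum.*` script arguments are now silently ignored, because the three `stdnse.get_script_args` lookups at the top of `action` accept only the `http-wordpress-enum.*` names. An existing invocation that still passes `http-wp-enum.limit`, `.basepath` or `.out` would run with the default limit of 25 against `/` and write no username file, with nothing in the output to say the arguments were dropped; for an audit that quietly narrows coverage. A one-release fallback would avoid this, e.g. `local limit = stdnse.get_script_args("http-wordpress-enum.limit") or stdnse.get_script_args("http-wp-enum.limit") or 25`, and likewise for `basepath` and `out`. The same applies to `http-wp-plugins.root` and `.search` in the http-wordpress-plugins section. The body of `action` continues outside the visible hunks.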


@@ -13,18 +13,18 @@ check the first 100 ones. Users can tweak this with an option (see below).
]]
---
-- @args http-wp-plugins.root If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root.
-- @args http-wp-plugins.search As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default.
-- @args http-wordpress-plugins.root If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root.
-- @args http-wordpress-plugins.search As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default.
-- Use this option with a number or "all" as an argument for a more comprehensive brute force.
--
-- @usage
-- nmap --script=http-wp-plugins --script-arg http-wp-plugins.root="/blog/",http-wp-plugins.search=500 <targets>
-- nmap --script=http-wordpress-plugins --script-arg http-wordpress-plugins.root="/blog/",http-wordpress-plugins.search=500 <targets>
--
--@output
-- Interesting ports on my.woot.blog (123.123.123.123):
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-wp-plugins:
-- | http-wordpress-plugins:
-- | search amongst the 500 most popular plugins
-- | akismet
-- | wp-db-backup
@@ -66,9 +66,9 @@ action = function(host, port)
end
local wp_autoroot
local wp_root = stdnse.get_script_args("http-wp-plugins.root")
local wp_root = stdnse.get_script_args("http-wordpress-plugins.root")
local plugins_search = DEFAULT_PLUGINS_SEARCH
local plugins_search_arg = stdnse.get_script_args("http-wp-plugins.search")
local plugins_search_arg = stdnse.get_script_args("http-wordpress-plugins.search")
if plugins_search_arg == "all" then
plugins_search = nil
@@ -143,7 +143,7 @@ action = function(host, port)
for i, data in pairs(pipeline_returns) do
-- if it's not a four-'o-four, it probably means that the plugin is present
if http.page_exists(data, result_404, body_404, bfqueries[i][1], true) then
stdnse.print_debug(1, "http-wp-plugins.nse: Found a plugin: %s", bfqueries[i][2])
stdnse.print_debug(1, "http-wordpress-plugins.nse: Found a plugin: %s", bfqueries[i][2])
table.insert(result, bfqueries[i][2])
end
end
@@ -153,7 +153,7 @@ action = function(host, port)
result.name = "search amongst the " .. plugin_count .. " most popular plugins"
return stdnse.format_output(true, result)
else
return "nothing found amongst the " .. plugin_count .. " most popular plugins, use --script-arg http-wp-plugins.search=<number|all> for deeper analysis)\n"
return "nothing found amongst the " .. plugin_count .. " most popular plugins, use --script-arg http-wordpress-plugins.search=<number|all> for deeper analysis)\n"
end
end
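Review bot: The script name is still spelled out by hand in every runtime string this section touches: the two `stdnse.get_script_args` lookups, the `print_debug` prefix and the hint in the final `return`. That is why the rename had to edit each one, and a missed string would leave users pointed at an argument that no longer exists. If the targeted NSE version provides `SCRIPT_NAME`, deriving the strings from it keeps them in step with the file name, e.g. `local wp_root = stdnse.get_script_args(SCRIPT_NAME .. ".root")` and `stdnse.print_debug(1, "%s: Found a plugin: %s", SCRIPT_NAME, bfqueries[i][2])`. The `@args` and `@usage` doc lines would still need the literal name. `action` starts and ends outside the visible hunks.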


@@ -101,8 +101,8 @@ Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", }
Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-waf-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-wordpress-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-wp-enum.nse", categories = { "auth", "discovery", "intrusive", "vuln", } }
Entry { filename = "http-wp-plugins.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-wordpress-enum.nse", categories = { "auth", "discovery", "intrusive", "vuln", } }
Entry { filename = "http-wordpress-plugins.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "iax2-version.nse", categories = { "version", } }
Entry { filename = "imap-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } }
@@ -124,6 +124,7 @@ Entry { filename = "ldap-novell-getpass.nse", categories = { "discovery", "safe"
Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } }
Entry { filename = "lexmark-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "lltd-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }