脚本所属分类: auth, intrusive, vuln
Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others.
Upper limit for ID search. Default: 25
If set it saves the username list in this file.
Base path to Wordpress. Default: /
nmap -p80 --script http-wordpress-enum <target> nmap -sV --script http-wordpress-enum --script-args limit=50 <target>
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-wordpress-enum: | Username found: admin | Username found: mauricio | Username found: cesar | Username found: lean | Username found: alex | Username found: ricardo |_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-enum.limit'
Author: Paulino Calderon
License: VER007 整理 http://www.ver007.com