File http-wordpress-plugins

脚本使用类型: portrule
脚本所属分类: discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-wordpress-plugins.nse

User Summary

Tries to obtain a list of installed WordPress plugins by brute force testing for known plugins.

The script will brute force the /wp-content/plugins/ folder with a dictionnary of 14K (and counting) known WP plugins. Anything but a 404 means that a given plugin directory probably exists, so the plugin probably also does.

The available plugins for Wordpress is huge and despite the efforts of Nmap to parallelize the queries, a whole search could take an hour or so. That's why the plugin list is sorted by popularity and by default the script will only check the first 100 ones. Users can tweak this with an option (see below).

Script Arguments


If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root.


As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default. Use this option with a number or "all" as an argument for a more comprehensive brute force.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage


nmap --script=http-wordpress-plugins --script-args http-wordpress-plugins.root="/blog/",http-wordpress-plugins.search=500 <targets>

Script Output

Interesting ports on my.woot.blog (
80/tcp open  http    syn-ack
| http-wordpress-plugins:
| search amongst the 500 most popular plugins
|   akismet
|   wp-db-backup
|   all-in-one-seo-pack
|   stats
|_  wp-to-twitter


Author: Ange Gutek

License: VER007 整理 http://www.ver007.com