http/fuzzing/wordpress-plugins-detect.yaml

id: wordpress-plugins-detect

info:
  name: WordPress Plugins Detection
  author: 0xcrypto
  severity: info
  metadata:
    max-request: 100563
  tags: fuzzing,bruteforce,wordpress

http:
  - raw:
      - |
        GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1
        Host: {{Hostname}}

    threads: 50
    payloads:
      pluginSlug: helpers/wordlists/wordpress-plugins.txt

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "== Description =="

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - "===\\s(.*)\\s===" # extract the plugin name
          - "(?m)Stable tag: ([0-9.]+)" # extract the plugin version
# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950
WordPress detection templates 2021-04-20 06:21:49 +05:30			`id: wordpress-plugins-detect`
more updates 2021-10-10 06:43:30 +05:30
WordPress detection templates 2021-04-20 06:21:49 +05:30			`info:`
			`name: WordPress Plugins Detection`
			`author: 0xcrypto`
			`severity: info`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
TemplateMan Update [Mon Mar 4 08:20:22 UTC 2024] :robot: 2024-03-04 08:20:22 +00:00			`max-request: 100563`
Update bruteforce tags 2024-02-28 10:41:31 +05:30			`tags: fuzzing,bruteforce,wordpress`
WordPress detection templates 2021-04-20 06:21:49 +05:30
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30			`- raw:`
WordPress detection templates 2021-04-20 06:21:49 +05:30			`- \|`
			`GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1`
			`Host: {{Hostname}}`
minor updates 2021-04-20 14:13:28 +05:30
Update wordpress-plugins-detect.yaml to extract plugin name and version (#4290) * update wordpress-plugins-detect template to extract plugin name and version * fix yamllint errors * version extractor update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 22:23:16 +10:00			`threads: 50`
Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30			`payloads:`
			`pluginSlug: helpers/wordlists/wordpress-plugins.txt`

minor updates 2021-04-20 14:13:28 +05:30			`matchers-condition: and`
WordPress detection templates 2021-04-20 06:21:49 +05:30			`matchers:`
			`- type: status`
			`status:`
			`- 200`
minor updates 2021-04-20 14:13:28 +05:30
			`- type: word`
			`words:`
			`- "== Description =="`
Update wordpress-plugins-detect.yaml to extract plugin name and version (#4290) * update wordpress-plugins-detect template to extract plugin name and version * fix yamllint errors * version extractor update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-05-05 22:23:16 +10:00
			`extractors:`
			`- type: regex`
			`part: body`
			`group: 1`
			`regex:`
			`- "===\\s(.*)\\s===" # extract the plugin name`
templateman update 2023-10-14 16:57:55 +05:30			`- "(?m)Stable tag: ([0-9.]+)" # extract the plugin version`
Auto Template Signing [Mon Mar 4 09:35:31 UTC 2024] :robot: 2024-03-04 09:35:31 +00:00			`# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950`