mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-04 09:43:40 +08:00
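# Nuclei template: passive WordPress plugin/theme inventory.
# Sends up to three GET requests (REST index via the query-string route, the
# /wp-json/ route, and the base URL) and extracts plugin and theme slugs from
# wp-content paths found in the response body. No brute-forcing of paths.
# Output is slug names only: no version is captured, so a hit is an inventory
# signal to cross-check against advisories, not evidence of a vulnerable build.
id: wordpress-passive-detection

info:
  name: WordPress Passive Detection - Plugins & Themes
  author: princechaddha
  severity: info
  # NOTE(review): the description mentions REST API discovery, but neither
  # extractor below reads the REST index's namespace list; only wp-content
  # paths in the body are captured.
  description: |
    Passively enumerates WordPress plugins and themes through REST API discovery and HTML source analysis without brute-forcing, based on wpprobe methodology.
  reference:
    - https://developer.wordpress.org/rest-api/using-the-rest-api/discovery/
    - https://github.com/Chocapikk/wpprobe
    - https://chocapikk.com/posts/2025/wpprobe/
  classification:
    cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    # Matches the three entries under http[0].path.
    max-request: 3
    vendor: wordpress
    product: wordpress
    shodan-query:
      - http.component:"wordpress"
  tags: tech,wordpress,cms,wp,plugin,theme,discovery,passive,enum

http:
  - method: GET
    # Tried in order: REST index without pretty permalinks, REST index with
    # them, then the site front page.
    path:
      - "{{BaseURL}}/?rest_route=/"
      - "{{BaseURL}}/wp-json/"
      - "{{BaseURL}}"

    # NOTE(review): redirects are followed (at most two hops) with no visible
    # same-host restriction; if scan scope matters, consider whether
    # `host-redirects: true` is wanted here.
    redirects: true
    max-redirects: 2
    # NOTE(review): no matchers are defined, so presumably an extractor hit is
    # what counts as the match - confirm. If so, once an earlier path yields any
    # slug the later paths are skipped and slugs visible only there are missed.
    stop-at-first-match: true

    extractors:
      # Captures the directory name directly under /wp-content/plugins/.
      # NOTE(review): the pattern expects literal "/" separators. Bodies that
      # carry URLs with JSON-escaped slashes ("\/"), as JSON responses and
      # inline script data often do, would not match - verify coverage against
      # a known install before relying on an empty result.
      - type: regex
        name: plugin_slug
        part: body
        group: 1
        regex:
          - '\/wp-content\/plugins\/([a-zA-Z0-9_-]+)\/'

      # Captures the directory name under /wp-content/themes/, or any
      # "themes/<slug>/style.css" reference. The same escaped-slash caveat
      # applies to both patterns.
      - type: regex
        name: theme_slug
        part: body
        group: 1
        regex:
          - '\/wp-content\/themes\/([a-zA-Z0-9_-]+)\/'
          - 'themes\/([a-zA-Z0-9_-]+)\/style\.css'
# NOTE(review): the digest below is the upstream template signature. It was
# generated for the upstream file contents and will presumably not verify
# against an edited copy - re-sign after any change, including comments.
# digest: 4a0a00473045022100dd1dfa16bb34b19352f44d55f8bbe81120111a197a675f41aeadc0cdab94655d022036e5aefbed2c6ee97e147e69479476f66de05340d2118282304c4dbc151435df:922c64590222798bb761d5b6d8e72950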