You need to use the script http-wordpress-plugins.root argument to indicate your "/wp/" path. In your case, something like:
nmap -p80 --script http-wordpress-plugins.nse --script-args http-wordpress-plugins.root="/wp/" 192.168.0.1
Quoting the source code of the http-wordpress-plugins.nse script (/usr/share/nmap/scripts/http-wordpress-plugins.nse):
description = [[
Tries to obtain a list of installed WordPress plugins by brute force
testing for known plugins.
The script will brute force the /wp-content/plugins/ folder with a dictionary
of 14K (and counting) known WP plugins. Anything but a 404 means that a given
plugin directory probably exists, so the plugin probably also does.
The available plugins for Wordpress is huge and despite the efforts of Nmap to
parallelize the queries, a whole search could take an hour or so. That's why
the plugin list is sorted by popularity and by default the script will only
check the first 100 ones. Users can tweak this with an option (see below).
]]
---
-- @args http-wordpress-plugins.root If set, points to the blog root directory on the website. If not, the script will try to find a WP directory installation or fall back to root.
-- @args http-wordpress-plugins.search As the plugins list contains tens of thousand of plugins, this script will only search the 100 most popular ones by default.
-- Use this option with a number or "all" as an argument for a more comprehensive brute force.
--
-- @usage
-- nmap --script=http-wordpress-plugins --script-args http-wordpress-plugins.root="/blog/",http-wordpress-plugins.search=500 <targets>
--
-- @output
-- Interesting ports on my.woot.blog (123.123.123.123):
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-wordpress-plugins:
-- | search amongst the 500 most popular plugins
-- | akismet
-- | wp-db-backup
-- | all-in-one-seo-pack
-- | stats
-- |_ wp-to-twitter
Be warned, however, that nmap does its best using a combination of heuristics, known vulnerabilities and brute force. A negative result does not mean "something is not there, 100% sure". It simply means "nmap could not find it", perhaps because the host is well protected (e.g. the service is sensibly configured, firewall, IDS ...)
This is also documented on the NSE portal: https://nmap.org/nsedoc/scripts/http-wordpress-enum.html. If you are only using a few related scripts, you can leave the script name off of the argument and they will all share it: '--script-args root=/wp/' – bonsaiviking
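The brute force described in the script's description, seen from the web server's side, as an added example that is not part of the original answer or of Nmap's code: it flags clients in an access log that request many distinct plugin directories and mostly receive 404s, and lists what such a client learned under the script's "anything but a 404" rule. The combined log format, the sample lines, the thresholds and all function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined-log-format line: client IP, method, path, status (format is an assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# A request for the plugin directory itself, under any blog root ("/", "/wp/", "/blog/").
# Asset loads inside a plugin (e.g. .../akismet/_inc/form.js) deliberately do not match.
PLUGIN_RE = re.compile(r'/wp-content/plugins/(?P<plugin>[^/?]+)/?(?:\?.*)?$')

def find_plugin_enumeration(lines, min_distinct=5, min_miss_ratio=0.5):
    """Return {ip: {"probed": n, "exists": [...]}} for clients whose requests
    look like a dictionary walk over /wp-content/plugins/."""
    probes = defaultdict(dict)  # ip -> {plugin name: last HTTP status seen}
    for line in lines:
        m = LINE_RE.match(line)
        p = PLUGIN_RE.search(m["path"]) if m else None
        if p:
            probes[m["ip"]][p["plugin"]] = int(m["status"])
    findings = {}
    for ip, seen in probes.items():
        misses = sum(1 for status in seen.values() if status == 404)
        if len(seen) >= min_distinct and misses / len(seen) >= min_miss_ratio:
            # Same rule the script applies: anything but a 404 counts as "exists".
            exists = sorted(name for name, status in seen.items() if status != 404)
            findings[ip] = {"probed": len(seen), "exists": exists}
    return findings

def _line(ip, path, status):
    # Helper that builds one constructed log line.
    return f'{ip} - - [10/Oct/2023:13:55:01 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample traffic: one enumerating client, one ordinary visitor.
SAMPLE_LOG = [
    _line("198.51.100.7", "/wp/wp-content/plugins/akismet/", 200),
    _line("198.51.100.7", "/wp/wp-content/plugins/wp-db-backup/", 403),
    _line("198.51.100.7", "/wp/wp-content/plugins/all-in-one-seo-pack/", 404),
    _line("198.51.100.7", "/wp/wp-content/plugins/stats/", 404),
    _line("198.51.100.7", "/wp/wp-content/plugins/wp-to-twitter/", 404),
    _line("198.51.100.7", "/wp/wp-content/plugins/contact-form-7/", 404),
    _line("203.0.113.20", "/wp/", 200),
    _line("203.0.113.20", "/wp/wp-content/plugins/akismet/_inc/form.js", 200),
]

if __name__ == "__main__":
    for ip, info in find_plugin_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The 403 on wp-db-backup is reported as "exists" here, which shows why returning a uniform 404 for plugin directories leaks less than denying directory listing with 403.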