Update wp_plugin.yaml

yaml update Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
OWASP · Sep 18, 2024 · b62c037 · b62c037
1 parent 4e6cabb
commit b62c037
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/nettacker/modules/scan/wp_plugin.yaml b/nettacker/modules/scan/wp_plugin.yaml
@@ -1,16 +1,16 @@
 info:
-  name: wp_plugin_scan
+  name: wordpress_version_scan
   author: OWASP Nettacker Team
   severity: 3
-  description: WordPress plugin finder. Uses wordlists/wp_plugin_small.txt which lists plugins with previously known vulnerabilities
+  description: Directory, Backup finder
   reference:
   profiles:
     - scan
     - http
+    - backup
     - low_severity
     - wp
     - wordpress
-
 payloads:
   - library: http
     steps:
@@ -35,17 +35,13 @@ payloads:
                 - 443
               #We are using small txt file. Work need to be done for handling user input based format files
               paths:
-                read_from_file: wordlists/wp_plugin_small.txt
-
+                read_from_file: wordlists/wp_plugin_small.txt            
         response:
           condition_type: and
           conditions:
             content:
-              regex: "Tags:"
+              regex: Stable\stag:\s(\d+\.\d+\.\d+)
               reverse: false
-            content:
-              regex: Stable\stag:\s(\d+.\d+.\d+)
-              reverse: false  
             status_code:
               regex: "200"
               reverse: false