I've been reading books on Red Teaming and one of the differences that stands out from Pentesting is the need to be stealthy.  Pentesting tools are very noisy and in a mature, or maybe even not so mature, environment, running stock Kali tools might set off an alert and trigger a ban of some sort.

So I was thinking -- if I wanted to get the WordPress version from a site in a stealthy manner, how would I go about doing that?  Let's paint that picture a bit more -- I'm on a network with my Kali laptop, I don't have access to the Internet, and I found a web server running WordPress.  I want to make as little noise as possible.  As it turns out, I know that I can get the WordPress version from wp-links-opml.php and I'll do it with Python because using a browser is lame.  :)

#!/usr/bin/python
import urllib2
import sys
import re

print "[*] Target URL format = http://www.mydomain.com"
host = raw_input("[*] Enter target URL: ")
path = '/CHANGELOG.txt'
combined = host + path
print
print ("fetching... ") + combined
url = urllib2.urlopen(combined)
html = url.readlines()[:2]
for line in html:
if re.match(r'Drupal', line):
print
sys.stdout.write(line)
print

#!/usr/bin/python
import urllib2
import sys
print "[*] Target URL format = http://www.mydomain.com"
host = raw_input("[*] Enter target URL: ")
path = '/README.txt'
combined = host + path
url = urllib2.urlopen(combined)
print
print ("fetching... ") + combined
html = url.readlines()[:10]
for line in html:
if 'Joomla!' in line:
print
sys.stdout.write(line)
print