Re: [NSE] http-dir-brute

[Patrik Karlsson <patrik () cqure net>]

On Fri, Nov 18, 2011 at 9:58 PM, Hani Benhabiles <kroosec () gmail com> wrote:

> Hi list,
>
> Attached is a script that uses brute forcing to discover directories in a
> web site using the already provided list nselib/data/http-folder.txt.
>
> description = [[
> Tries to discover interesting directories within the target web site.
>
> The script works by brute forcing the target web site using a list of
> widely used
> names for folders. A response with a status different than 404 means the
> directory probably
> exists.
> ]]
>
> ---
> -- @args http-dir-brute.root If set, points to the target base path.
> Defaults to "/"
> --
> -- @usage
> -- nmap --script=http-dir-brute --script-arg http-dir-brute.root="/site/"
> <target>
> --
> --@output
> -- PORT   STATE SERVICE
> -- 80/tcp open  http
> -- | http-dir-brute:
> -- |   /admin : 403
> -- |   /batch : 403
> -- |   /blog : 200
> -- |   /cache : 301
> -- |   /cgi-bin : 301
> -- |   /cgi-sys : 301
> -- |   /contact : 200
> -- |   /controlpanel : 301
> -- |_  /phpmyadmin : 301
>
>
> I've also updated http-folder.txt, taking off the leading and trailing "/"
> and also cleaning duplicates.
>
> Cheers,
>
> --
> M. Hani Benhabiles
> Blog: http://kroosec.blogspot.com
> Twitter: @kroosec
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

Hi Hani,

Thanks for the script submission.
We already have a script that does some http checks, including directory
checks, called http-enum.
I think we should probably try to merge the directories missing into the
fingerprint file (nselib/data/http-fingerprints.lua).

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/