Nmap Development mailing list archives
Re: [NSE] http-dir-brute
From: Hani Benhabiles <kroosec () gmail com>
Date: Sun, 20 Nov 2011 16:07:51 +0100
Hi Patrik,

I know of http-enum but this script serves a rather different purpose. It works like tools such as OWASP DirBuster, relying on the response code to HEAD requests to discover directories (from http-folders.txt) independently of the web app.

http-enum uses a larger and more general fingerprints file that requests certain files (and parses the response content in some cases) to identify the specific web applications (e.g. if '/wordpress/wp-login.php' contains 'ver=20080708' => WordPress 2.6.x).

On Sat, Nov 19, 2011 at 10:53 PM, Patrik Karlsson <patrik () cqure net> wrote:
> On Fri, Nov 18, 2011 at 9:58 PM, Hani Benhabiles <kroosec () gmail com> wrote:
>> Hi list,
>>
>> Attached is a script that uses brute forcing to discover directories in a web site using the already provided list nselib/data/http-folder.txt.
>>
>> description = [[
>> Tries to discover interesting directories within the target web site.
>> The script works by brute forcing the target web site using a list of widely used names for folders.
>> A response with a status different than 404 means the directory probably exists.
>> ]]
>>
>> ---
>> -- @args http-dir-brute.root If set, points to the target base path. Defaults to "/"
>> --
>> -- @usage
>> -- nmap --script=http-dir-brute --script-arg http-dir-brute.root="/site/" <target>
>> --
>> -- @output
>> -- PORT   STATE SERVICE
>> -- 80/tcp open  http
>> -- | http-dir-brute:
>> -- |   /admin : 403
>> -- |   /batch : 403
>> -- |   /blog : 200
>> -- |   /cache : 301
>> -- |   /cgi-bin : 301
>> -- |   /cgi-sys : 301
>> -- |   /contact : 200
>> -- |   /controlpanel : 301
>> -- |_  /phpmyadmin : 301
>>
>> I've also updated http-folder.txt, taking off the leading and trailing "/" and also cleaning duplicates.
>>
>> Cheers,
>>
>> --
>> M. Hani Benhabiles
>> Blog: http://kroosec.blogspot.com
>> Twitter: @kroosec
>
> Hi Hani,
>
> Thanks for the script submission. We already have a script that does some http checks, including directory checks, called http-enum. I think we should probably try to merge the directories missing into the fingerprint file (nselib/data/http-fingerprints.lua).
>
> Cheers,
> Patrik
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
--
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
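The script discussed in this thread infers directories from the status code of HEAD requests against a folder wordlist, which on the server side leaves a burst of 404s for distinct paths from one client. As an added example (not part of the thread, nor Nmap's own code), the Python below runs that detection over constructed combined-format access-log lines and reports, per flagged client, the share of HEAD requests and the non-404 paths the probe learned; the regex, thresholds and sample log are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Apache/nginx combined-format line -> dict (ip, ts, method, path, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_dir_bruteforce(lines, window_s=60, min_404=5):
    """Flag clients with >= min_404 404s for distinct paths inside window_s seconds
    (a wordlist walk); record their HEAD share and the non-404 paths they learned."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        per_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):  # sliding time window over this client's requests
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            win = recs[start:end + 1]
            missed = {r["path"] for r in win if r["status"] == 404}
            if len(missed) >= min_404:
                heads = sum(r["method"] == "HEAD" for r in win)
                alerts[ip] = {"n404": len(missed), "head_ratio": round(heads / len(win), 2),
                              "found": sorted({(r["path"], r["status"])
                                               for r in win if r["status"] != 404})}
                break
    return alerts

# Constructed sample log (not real traffic): a wordlist walk with HEAD, then a normal browser hit.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Nov/2011:16:07:51 +0100] "HEAD /admin HTTP/1.1" 403 0 "-" "-"
203.0.113.5 - - [20/Nov/2011:16:07:51 +0100] "HEAD /batch HTTP/1.1" 404 0 "-" "-"
203.0.113.5 - - [20/Nov/2011:16:07:52 +0100] "HEAD /cache HTTP/1.1" 404 0 "-" "-"
203.0.113.5 - - [20/Nov/2011:16:07:53 +0100] "HEAD /cgi-bin HTTP/1.1" 404 0 "-" "-"
203.0.113.5 - - [20/Nov/2011:16:07:53 +0100] "HEAD /cgi-sys HTTP/1.1" 404 0 "-" "-"
203.0.113.5 - - [20/Nov/2011:16:07:54 +0100] "HEAD /contact HTTP/1.1" 404 0 "-" "-"
198.51.100.7 - - [20/Nov/2011:16:08:10 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()
```

`find_dir_bruteforce(SAMPLE_LOG)` flags only 203.0.113.5, with all requests being HEAD and `/admin` (403) as the one path that answered with something other than 404.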
Current thread:
- [NSE] http-dir-brute Hani Benhabiles (Nov 18)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 19)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 20)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 20)
- Message not available
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 21)
- Re: [NSE] http-dir-brute Ron (Nov 21)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 22)
- Re: [NSE] http-dir-brute David Fifield (Nov 22)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 23)
- RE: [NSE] http-dir-brute Rob Nicholls (Nov 22)
- Re: [NSE] http-dir-brute Ron (Nov 23)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 20)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 19)