Nmap Development mailing list archives

[NSE] Script Submission: HTTP Authentication Discovery

From: Gabriel de Lima Monteiro <gabriel.dlm () fisica if uff br>
Date: Wed, 23 Apr 2014 00:44:51 -0300

Hello,

Attached is a NSE implementation to http authentication discovery
script that check if a page has a simple login page.


It simply check if the server return the 401 code.


Example


$ nmap -p80 --open --script=http-auth-discovery.nse 192.168.25.1-255

Starting Nmap 6.46 ( http://nmap.org ) at 2014-04-23 00:32 BRT
Nmap scan report for PowerBox.home (192.168.25.1)
Host is up (0.017s latency).
PORT   STATE SERVICE
80/tcp open  http
|_http-auth-discovery: HTTP authentication found

Nmap scan report for new-host-4.home (192.168.25.5)
Host is up (0.012s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 255 IP addresses (6 hosts up) scanned in 4.87 seconds


I find this useful to search for web authentication on very large scans.


Cheers,

Gabriel

Attachment: http-auth-discovery.nse
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] Script Submission: HTTP Authentication Discovery Gabriel de Lima Monteiro (Apr 22)
- Re: [NSE] Script Submission: HTTP Authentication Discovery George Chatzisofroniou (Apr 23)