File http-apache-negotiation
Script types:
portrule
Categories:
safe, discovery
Download: http://nmap.org/svn/scripts/http-apache-negotiation.nse
User Summary
Checks if the target http server has mod_negotiation enabled. This feature can be leveraged to find hidden resources and spider a web site using fewer requests.
The script works by sending requests for resources like index and home without specifying the extension. If mod_negotiate is enabled (default Apache configuration), the target would reply with content-location header containing target resource (such as index.html) and vary header containing "negotiate" depending on the configuration.
For more information, see:
- http://www.wisec.it/sectou.php?id=4698ebdc59d15
- Metasploit auxiliary module
Script Arguments
http-apache-negotiation.root
target web site root.
Defaults to /.
http-max-cache-size, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap --script=http-apache-negotiation --script-args http-apache-negotiation.root=/root/ <target>
Script Output
PORT STATE SERVICE 80/tcp open http |_http-apache-negotiation: mod_negotiation enabled.
Requires
Author: Hani Benhabiles
License: Same as Nmap--See http://nmap.org/book/man-legal.html
