File http-backup-finder
Script types:
portrule
Categories:
discovery, safe
Download: http://nmap.org/svn/scripts/http-backup-finder.nse
User Summary
Spiders a website and attempts to identify backup copies of discovered files. It does so by requesting a number of different combinations of the filename (eg. index.bak, index.html~, copy of index.html).
Script Arguments
http-backup-finder.maxpagecount
the maximum amount of pages to visit. A negative value disables the limit (default: 20)
http-backup-finder.withindomain
only spider URLs within the same
domain. This widens the scope from withinhost and can
not be used in combination. (default: false)
http-backup-finder.maxdepth
the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)
http-backup-finder.url
the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /)
http-backup-finder.withinhost
only spider URLs within the same host. (default: true)
httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost
See the documentation for the httpspider library.smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap --script=http-backup-finder <target>
Script Output
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-backup-finder: | Spidering limited to: maxdepth=3; maxpagecount=20; withindomain=example.com | http://example.com/index.bak | http://example.com/login.php~ | http://example.com/index.php~ |_ http://example.com/help.bak
Requires
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html