File http-drupal-modules
Script types:
portrule
Categories:
discovery, intrusive
Download: http://nmap.org/svn/scripts/http-drupal-modules.nse
User Summary
Enumerates the installed Drupal modules by using a list of known modules.
The script works by iterating over module names and requesting MODULES_PATH/MODULE_NAME/LICENSE.txt. MODULES_PATH is either provied by the user, grepped for in the html body or defaulting to sites/all/modules/. If the response status code is 200, it means that the module is installed. By default, the script checks for the top 100 modules (by downloads), given the huge number of existing modules (~10k).
Script Arguments
http-drupal-modules.root
The base path. Defaults to /.
http-drupal-modules.number
Number of modules to check.
Use this option with a number or "all" as an argument to test for all modules.
Defaults to 100.
http-drupal-modules.modules_path
The path to the modules folder. If not set, the script will try to
find the path or default to sites/all/modules/
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap --script=http-drupal-modules --script-args http-drupal-modules.root="/path/",http-drupal-modules.number=1000 <targets>
Script Output
Interesting ports on my.woot.blog (123.123.123.123): PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-drupal-modules: | views | token | cck | pathauto | ctools | admin_menu | imageapi | filefield | date | imagecache | imagefield | google_analytics | webform | jquery_ui |_ link
Requires
Author: Hani Benhabiles
License: Same as Nmap--See http://nmap.org/book/man-legal.html