File http-rfi-spider
Script types:
portrule
Categories:
intrusive
Download: http://nmap.org/svn/scripts/http-rfi-spider.nse
User Summary
Crawls webservers in search of RFI (remote file inclusion) vulnerabilities. It tests every form field it finds and every parameter of a URL containing a query.
Script Arguments
http-rfi-spider.withinhost
only spider URLs within the same host. (default: true)
http-rfi-spider.url
the URL to start spidering. This is a URL relative to the scanned host, e.g. /default.html (default: /)
http-rfi-spider.withindomain
only spider URLs within the same domain. This widens the scope from withinhost and cannot be used in combination with it. (default: false)
http-rfi-spider.inclusionurl
the URL we will try to include; defaults to http://www.yahoo.com/search?p=rfi
http-rfi-spider.maxdepth
the maximum number of directories beneath the initial URL to spider. A negative value disables the limit. (default: 3)
http-rfi-spider.maxpagecount
the maximum number of pages to visit. A negative value disables the limit. (default: 20)
http-rfi-spider.pattern
the pattern to search for in response.body to determine if the inclusion was successful; defaults to '<a href="http://search.yahoo.com/info/submit.html">Submit Your Site</a>'
httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost
See the documentation for the httpspider library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.
Example Usage
nmap --script http-rfi-spider -p80 <host>
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-rfi-spider:
|   Possible RFI in form at path: /pio/rfi_test2.php, action: /rfi_test2.php for fields:
|     color
|_    inc
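The probing described in the summary leaves a recognizable trace in web-server access logs: query parameters whose values are absolute URLs. The following Python sketch is an added example, not part of the Nmap script or its documentation; the log lines are constructed, the function names are hypothetical, and it covers query strings only (form fields sent by POST do not appear in a standard access log).

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Default http-rfi-spider.inclusionurl as documented above.
DEFAULT_INCLUSION_URL = "http://www.yahoo.com/search?p=rfi"
# Combined-log prefix: client, identity, user, [time], "METHOD target PROTO"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# A parameter value that is itself an absolute URL is the RFI probe shape.
URL_VALUE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [01/Jan/2024:10:00:01 +0000] "GET /rfi_test2.php?color=http%3A%2F%2Fwww.yahoo.com%2Fsearch%3Fp%3Drfi&inc=1 HTTP/1.1" 200 9120 "-" "-"
192.0.2.44 - - [01/Jan/2024:10:00:02 +0000] "GET /rfi_test2.php?color=red&inc=http://www.yahoo.com/search?p=rfi HTTP/1.1" 200 9120 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /go?next=/account HTTP/1.1" 302 0 "-" "-"
"""

def find_rfi_probes(log_text):
    """Return one record per query parameter whose decoded value is a URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, _method, target = m.groups()
        path, _, query = target.partition("?")
        # parse_qsl percent-decodes, so encoded and raw probes both match.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if URL_VALUE_RE.match(value.strip()):
                hits.append({"client": client, "path": path, "param": name,
                             "value": value,
                             "default_url": value == DEFAULT_INCLUSION_URL})
    return hits

def probes_by_client(hits):
    """Count distinct (path, parameter) pairs probed by each client."""
    pairs = {(h["client"], h["path"], h["param"]) for h in hits}
    return dict(Counter(client for client, _, _ in pairs))

if __name__ == "__main__":
    for hit in find_rfi_probes(SAMPLE_LOG):
        print(hit)
```

Because inclusionurl is configurable, the URL-shaped-value check is the primary signal; the default_url flag only marks runs that kept the documented default.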
Requires
Author: Piotr Olma
License: Same as Nmap--See http://nmap.org/book/man-legal.html


