Categories: broadcast, safe
Retrieves a list of proxy servers on a LAN using the Web Proxy Autodiscovery Protocol (WPAD). It implements both the DHCP and DNS methods of doing so and starts by querying DHCP to get the address. DHCP discovery requires nmap to be running in privileged mode and will be skipped when this is not the case. DNS discovery relies on the script being able to resolve the local domain either through a script argument or by attempting to reverse resolve the local IP.
instructs the script to retrieve the WPAD file instead of parsing it
instructs the script to skip discovery using dhcp
instructs the script to skip discovery using DNS
the domain in which the WPAD host should be discovered
See the documentation for the slaxml library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
nmap --script broadcast-wpad-discover
| broadcast-wpad-discover: | 188.8.131.52:8080 |_ 184.108.40.206:3128
License: Same as Nmap--See https://nmap.org/book/man-legal.html