Script http-auth-finder

Script types: portrule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-auth-finder.nse

Script Summary

Spiders a web site to find web pages requiring form-based or HTTP-based authentication. The results are returned in a table with each url and the detected method.

See also:

Script Arguments

http-auth-finder.url

the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /)

http-auth-finder.maxdepth

the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)

http-auth-finder.maxpagecount

the maximum amount of pages to visit. A negative value disables the limit (default: 20)

http-auth-finder.withinhost

only spider URLs within the same host. (default: true)

http-auth-finder.withindomain

only spider URLs within the same domain. This widens the scope from withinhost and can not be used in combination. (default: false)

slaxml.debug

See the documentation for the slaxml library.

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 80 --script http-auth-finder <ip>

Script Output

PORT   STATE SERVICE
80/tcp open  http
| http-auth-finder:
|   url                                   method
|   http://192.168.1.162/auth1/index.html  HTTP: Basic, Digest, Negotiate
|_  http://192.168.1.162/auth2/index.html  FORM

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html