Script http-auth

Script types: portrule
Categories: default, auth, safe
Download: https://svn.nmap.org/nmap/scripts/http-auth.nse

Script Summary

Retrieves the authentication scheme and realm of a web service that requires authentication.

See also:

• http-auth-finder.nse
• http-brute.nse

Script Arguments

http-auth.path

Define the request path

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script http-auth [--script-args http-auth.path=/login] -p80 <host>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-auth:
| HTTP/1.1 401 Unauthorized
|   Negotiate
|   NTLM
|   Digest charset=utf-8 nonce=+Upgraded+v1e4e256b4afb7f89be014e...968ccd60affb7c qop=auth algorithm=MD5-sess realm=example.com
|_  Basic realm=example.com

Requires

• http
• shortport
• stdnse
• string
• table

---

Author:

• Thomas Buchanan

License: Same as Nmap--See https://nmap.org/book/man-legal.html