Script http-cakephp-version

Script types: portrule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-cakephp-version.nse

Script Summary

Obtains the CakePHP version of a web application built with the CakePHP framework by fingerprinting default files shipped with the framework.

This script queries the files 'vendors.php', 'cake.generic.css', 'cake.icon.png' and 'cake.icon.gif' to try to obtain the version of the CakePHP installation.

Because installations that have been upgraded are prone to false positives caused by old files that were never removed, the script displays three different versions:

  • Codebase: Taken from the existence of vendors.php (1.1.x or 1.2.x if the file exists and 1.3.x otherwise)
  • Stylesheet: Taken from cake.generic.css
  • Icon: Taken from cake.icon.gif or cake.icon.png

For more information about CakePHP visit: http://www.cakephp.org/.

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80,443 --script http-cakephp-version <host/ip>

Script Output

PORT   STATE SERVICE
80/tcp open  http
| http-cakephp-version: Version of codebase: 1.2.x
| Version of icons: 1.2.x
| Version of stylesheet: 1.2.6
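
On an upgraded installation the three values can disagree, as the summary notes. The following added example (not part of the Nmap script or its documentation) parses output in the format shown above and reports which fingerprint sources conflict, treating "x" as a wildcard. The function names and the UPGRADED sample are constructed for illustration.

```python
import re

# Matches the three result lines in the format shown under "Script Output".
RESULT = re.compile(r"Version of (codebase|icons|stylesheet):\s*(\S+)")

def parse_versions(nmap_output):
    """Map each fingerprint source to the version string the script reported."""
    return {m.group(1): m.group(2) for m in RESULT.finditer(nmap_output)}

def compatible(a, b):
    """Compare component by component; an 'x' component matches any value."""
    for part_a, part_b in zip(a.split("."), b.split(".")):
        if "x" not in (part_a, part_b) and part_a != part_b:
            return False
    return True

def conflicts(nmap_output):
    """Return pairs of fingerprint sources whose versions cannot both be right."""
    found = parse_versions(nmap_output)
    names = sorted(found)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if not compatible(found[a], found[b])]

# Result lines copied from the example output above: all three sources agree.
CONSISTENT = """\
| http-cakephp-version: Version of codebase: 1.2.x
| Version of icons: 1.2.x
| Version of stylesheet: 1.2.6
"""

# Constructed sample: a 1.3.x codebase that still serves 1.2.x static files.
UPGRADED = """\
| http-cakephp-version: Version of codebase: 1.3.x
| Version of icons: 1.2.x
| Version of stylesheet: 1.2.6
"""

if __name__ == "__main__":
    for label, text in (("consistent", CONSISTENT), ("upgraded", UPGRADED)):
        print(label, parse_versions(text), conflicts(text))
```

A reported conflict means at least one fingerprinted file is likely a leftover from an earlier release, so the codebase value and the static-file values should be checked against the deployed files before trusting any one of them.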

Requires


Author:

  • Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html