Script http-cakephp-version

Script types: portrule
Categories: discovery, safe

Script Summary

Obtains the CakePHP version of a web application built with the CakePHP framework by fingerprinting default files shipped with the CakePHP framework.

This script queries the files 'vendors.php', 'cake.generic.css', 'cake.icon.png' and 'cake.icon.gif' to try to obtain the version of the CakePHP installation.

Installations that have been upgraded are prone to false positives because old files are often not removed, so the script displays three different versions:

  • Codebase: Taken from the existence of vendors.php (1.1.x or 1.2.x if the file exists, 1.3.x otherwise)
  • Stylesheet: Taken from cake.generic.css
  • Icon: Taken from cake.icon.gif or cake.icon.png
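The four requests described above also leave a recognizable pattern in a web server's access log. The following is an added example, not part of the Nmap script or its documentation: Python detection logic that flags clients requesting at least three of the four files. The common/combined log format, the request paths and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# The four default files the script summary says are queried.
FINGERPRINT_FILES = {"vendors.php", "cake.generic.css",
                     "cake.icon.png", "cake.icon.gif"}

# Common/combined log format (assumed): client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def fingerprint_probes(lines, min_files=3):
    """Return {client: {file: status}} for clients that requested at least
    min_files distinct fingerprint files. An ordinary visitor may load the
    stylesheet and one icon, so a threshold of 3 separates page views from
    a version probe."""
    seen = defaultdict(dict)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the assumed format
        client, target, status = m.groups()
        # Match on the file name only, ignoring directory and query string.
        name = target.split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if name in FINGERPRINT_FILES:
            seen[client][name] = int(status)
    return {c: f for c, f in seen.items() if len(f) >= min_files}

def exposed_files(hits):
    """Files that answered 200 to a flagged client; these are the ones
    that can reveal a version and are candidates for removal."""
    return sorted({n for files in hits.values()
                   for n, s in files.items() if s == 200})

# Constructed sample log lines (documentation address ranges, assumed paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /js/vendors.php HTTP/1.1" 404 210',
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /css/cake.generic.css HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /img/cake.icon.png HTTP/1.1" 200 943',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /img/cake.icon.gif HTTP/1.1" 404 210',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /posts HTTP/1.1" 200 8000',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /css/cake.generic.css HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    hits = fingerprint_probes(SAMPLE_LOG)
    for client, files in hits.items():
        print(client, files)
    print("exposed:", exposed_files(hits))
```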

For more information about CakePHP visit:

Script Arguments


See the documentation for the slaxml library.

http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80,443 --script http-cakephp-version <host/ip>

Script Output

80/tcp open  http
| http-cakephp-version: Version of codebase: 1.2.x
| Version of icons: 1.2.x
| Version of stylesheet: 1.2.6



  • Paulino Calderon

License: Same as Nmap--See