Script http-drupal-enum

Script types: portrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/http-drupal-enum.nse

Script Summary

Enumerates the installed Drupal modules/themes by using a list of known modules and themes.

The script works by iterating over module/theme names and requesting MODULE_PATH/MODULE_NAME/LICENSE.txt for modules and THEME_PATH/THEME_NAME/LICENSE.txt for themes. MODULE_PATH/THEME_PATH is either provided by the user, grepped for in the HTML body, or defaults to sites/all/modules/.

If the response status code is 200, it means that the module/theme is installed. By default, the script checks for the top 100 modules/themes (by downloads), given the huge number of existing modules (~18k) and themes (~1.4k).
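Because every probe has the same shape (a GET for <path>/<name>/LICENSE.txt, judged by status 200), the scan is easy to spot in web server access logs. The following is an added example, not part of the Nmap script or its documentation: it flags clients that request LICENSE.txt for many distinct module/theme names and lists which names were confirmed with a 200. The Combined Log Format, the threshold of 5, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Probe shape described above: <path>/<name>/LICENSE.txt under a modules/ or
# themes/ directory (assumed layout, based on the default sites/all/modules/).
PROBE = re.compile(r"/(modules|themes)/([A-Za-z0-9_]+)/LICENSE\.txt$")
# Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def find_enumeration(lines, threshold=5):
    """Return {client_ip: {"probed": n, "confirmed": [names]}} for clients that
    requested LICENSE.txt for at least `threshold` distinct modules/themes."""
    probed, confirmed = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a GET/HEAD request line we can parse
        ip, path, status = m.groups()
        p = PROBE.search(path.split("?", 1)[0])  # ignore any query string
        if not p:
            continue
        name = f"{p.group(1)}/{p.group(2)}"
        probed[ip].add(name)
        if status == "200":  # the same signal the script treats as "installed"
            confirmed[ip].add(name)
    return {ip: {"probed": len(names), "confirmed": sorted(confirmed[ip])}
            for ip, names in probed.items() if len(names) >= threshold}

def _line(ip, path, status):
    # Helper that builds one constructed Combined Log Format line.
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 0 "-" "-"')

# Constructed sample log: one scanning client and one ordinary visitor.
SAMPLE_LOG = [
    _line("192.0.2.10", f"/sites/all/modules/{name}/LICENSE.txt", status)
    for name, status in [("views", 200), ("token", 200), ("ctools", 404),
                         ("pathauto", 404), ("date", 404)]
] + [
    _line("192.0.2.10", "/sites/all/themes/adaptivetheme/LICENSE.txt", 200),
    _line("198.51.100.7", "/", 200),
    _line("198.51.100.7", "/sites/all/modules/views/LICENSE.txt", 200),
]

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(ip, info["probed"], "names probed; confirmed:", info["confirmed"])
```

The "confirmed" list is what the scanning client learned about the site; denying web access to LICENSE.txt under the module and theme directories removes the 200 signal the script depends on.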

If you want to update your themes or module list refer to the link below.

See also:

Script Arguments

http-drupal-enum.themes_path

Direct Path for Themes

http-drupal-enum.number

Number of modules to check. Use this option with a number or "all" as an argument to test for all modules. Defaults to 100.

http-drupal-enum.type

Defaults to all. Choose between "themes" and "modules".

http-drupal-enum.root

The base path. Defaults to /.

http-drupal-enum.modules_path

Direct Path for Modules

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 80 --script http-drupal-enum <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-drupal-enum:
|   Themes:
|     adaptivetheme
|   Modules:
|     views
|     token
|     ctools
|     pathauto
|     date
|     imce
|_    webform

Final times for host: srtt: 329644 rttvar: 185712  to: 1072492

Requires


Authors:

  • Hani Benhabiles
  • Gyanendra Mishra

License: Same as Nmap--See https://nmap.org/book/man-legal.html