Script http-drupal-enum
Script types:
portrule
Categories:
discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/http-drupal-enum.nse
Script Summary
Enumerates the installed Drupal modules/themes by using a list of known modules and themes.
The script works by iterating over module/theme names and requesting MODULE_PATH/MODULE_NAME/LICENSE.txt for modules and THEME_PATH/THEME_NAME/LICENSE.txt. MODULE_PATH/THEME_PATH which is either provided by the user, grepped for in the html body or defaulting to sites/all/modules/.
If the response status code is 200, it means that the module/theme is installed. By default, the script checks for the top 100 modules/themes (by downloads), given the huge number of existing modules (~18k) and themes(~1.4k).
If you want to update your themes or module list refer to the link below.
See also:
Script Arguments
- http-drupal-enum.themes_path
Direct Path for Themes
- http-drupal-enum.number
Number of modules to check. Use this option with a number or "all" as an argument to test for all modules. Defaults to
100.- http-drupal-enum.type
default all.choose between "themes" and "modules"
- http-drupal-enum.root
The base path. Defaults to
/.- http-drupal-enum.modules_path
Direct Path for Modules
- slaxml.debug
See the documentation for the slaxml library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap -p 80 --script http-drupal-enum <target>
Script Output
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-drupal-enum: | Themes: | adaptivetheme | Modules: | views | token | ctools | pathauto | date | imce |_ webform Final times for host: srtt: 329644 rttvar: 185712 to: 1072492
Requires
Authors:
License: Same as Nmap--See https://nmap.org/book/man-legal.html