Script http-errors

Script types: portrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/http-errors.nse

Script Summary

This script crawls through the website and returns any error pages.

The script will return all pages (sorted by error code) that respond with an http code equal or above 400. To change this behaviour, please use the errcodes option.

The script, by default, spiders and searches within forty pages. For large web applications make sure to increase httpspider's maxpagecount value. Please, note that the script will become more intrusive though.

Script Arguments

http-errors.errcodes

The error codes we are interested in. Default: nil (all codes >= 400)

slaxml.debug

See the documentation for the slaxml library.

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-errors.nse <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=some-random-page.com
|   Found the following error pages:
|
|   Error Code: 404
|       http://some-random-page.com/admin/
|
|   Error Code: 404
|       http://some-random-page.com/foo.html
|
|   Error Code: 500
|_      http://some-random-page.com/p.php

Requires

• shortport
• stdnse
• table
• httpspider

---

Author:

• George Chatzisofroniou

License: Same as Nmap--See https://nmap.org/book/man-legal.html