Script http-errors

Script types: portrule
Categories: discovery, intrusive

Script Summary

This script crawls through the website and returns any error pages.

The script will return all pages (sorted by error code) that respond with an http code equal or above 400. To change this behaviour, please use the errcodes option.

The script, by default, spiders and searches within forty pages. For large web applications make sure to increase httpspider's maxpagecount value. Please, note that the script will become more intrusive though.

Script Arguments


The error codes we are interested in. Default: nil (all codes >= 400)


See the documentation for the slaxml library.

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library., http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-errors.nse <target>

Script Output

80/tcp open  http    syn-ack
| http-errors:
| Spidering limited to: maxpagecount=40;
|   Found the following error pages:
|   Error Code: 404
|   Error Code: 404
|   Error Code: 500



  • George Chatzisofroniou

License: Same as Nmap--See