Script http-fetch

Script types: portrule
Categories: safe
Download: https://svn.nmap.org/nmap/scripts/http-fetch.nse

Script Summary

The script is used to fetch files from servers.

The script supports three different use cases:

• The paths argument isn't provided, the script spiders the host and downloads files in their respective folders relative to the one provided using "destination".
• The paths argument(a single item or list) is provided and the path starts with "/", the script tries to fetch the path relative to the url provided via the argument "url".
• The paths argument(a single item or list) is provided and the path doesn't start with "/". Then the script spiders the host and tries to find files which contain the path(now treated as a pattern).

Script Arguments

http-fetch.withinhost

The default behavior is to fetch files from the same host. Set to False to do otherwise.

http-fetch.destination

- The full path of the directory to save the file(s) to preferably with the trailing slash.

http-fetch.maxpagecount

The maximum amount of pages to fetch.

http-fetch.maxdepth

The maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)

http-fetch.files

- The name of the file(s) to be fetched.

http-fetch.paths

A list of paths to fetch. If relative, then the site will be spidered to find matching filenames. Otherwise, they will be fetched relative to the url script-arg.

http-fetch.url

The base URL to start fetching. Default: "/"

http-fetch.withindomain

If set to true then the crawling would be restricted to the domain provided by the user.

http-fetch.noblacklist

By default files like jpg, rar, png are blocked. To fetch such files set noblacklist to true.

slaxml.debug

See the documentation for the slaxml library.

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script http-fetch --script-args destination=/tmp/mirror <target>
nmap --script http-fetch --script-args 'paths={/robots.txt,/favicon.ico}' <target>
nmap --script http-fetch --script-args 'paths=.html' <target>
nmap --script http-fetch --script-args 'url=/images,paths={.jpg,.png,.gif}' <target>

Script Output

| http-fetch:
|   Successfully Downloaded:
|     http://scanme.nmap.org:80/ as /tmp/mirror/45.33.32.156/80/index.html
|_    http://scanme.nmap.org/shared/css/insecdb.css as /tmp/mirror/45.33.32.156/80/shared/css/insecdb.css

Requires

• http
• httpspider
• io
• lfs
• nmap
• shortport
• stdnse
• string
• stringaux
• table

---

Author:

• Gyanendra Mishra

License: Same as Nmap--See https://nmap.org/book/man-legal.html