Nmap Development mailing list archives
Re: Detect Subversion running on port 80 using Apache
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Mar 2010 13:08:49 -0600
On Wed, Mar 24, 2010 at 09:49:16AM -0700, Kevin Longfellow wrote:
The http-methods script didn't reveal anything about Subversion. Can you give me a few hints how to go about adding this functionality? Would the http-methods script be the best starting point? Do I need to do packet traces and look for something in particular?
http-methods doesn't know anything specifically about Subversion, but you can use it to check for the WebDAV methods used by Subversion. For example, $ nmap --script=http-methods --script-args http-methods.url-path=/svn/trunk -p 80 libdnet.googlecode.com PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-methods: OPTIONS GET HEAD POST DELETE TRACE PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK CHECKOUT | Potentially risky methods: DELETE TRACE PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK CHECKOUT |_See http://nmap.org/nsedoc/scripts/http-methods.html To make a script more specific to Subversion detection, yes, you would want to do a packet trace to see what kind of requests are sent by the Subversion client, or consult the protocol documentation. A difficulty I didn't think of before is that you will probably have to know the path to the Subversion repository on the server (/svn/trunk above) because the web server can return different methods for different URLs. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Detect Subversion running on port 80 using Apache Kevin Longfellow (Mar 23)
- Re: Detect Subversion running on port 80 using Apache David Fifield (Mar 23)
- Message not available
- Re: Detect Subversion running on port 80 using Apache David Fifield (Mar 26)
- Message not available
- Re: Detect Subversion running on port 80 using Apache David Fifield (Mar 23)