[NSE] http-drupal-modules.nse

[Hani Benhabiles <kroosec () gmail com>]

Hi list,

description = [[
Enumerates the installed Drupal modules by using a list of known modules.

The script works by requesting /sites/all/modules/MODULE_NAME/LICENSE.txt.
If the response status code is 200, it means that the module is installed.
By default, the script checks for the top 100 modules (by downloads), 
given the huge number of existing modules (~10k).
]]

From what I have found so far, requesting the LICENSE.txt file is the 
best option because it is added for every module uploaded on drupal.org 
(normal way to get drupal modules). Other possible options are:

- Requesting MODULE_NAME/ And checking against the status code of a 
response for an obviously non-existing module request.

- Building a DB with records specific for each module (some modules have 
.js, .css  files or subfolders etc...) which is cumbersome.

I have also attached a list of Drupal modules ranked by number of 
downloads (extracted from [1]) that should be copied in nselib/data/

Any input is welcome.

[1] http://drupal.org/project/usage

Cheers,
Hani.

--
Hani Benhabiles
President, OWASP Algeria Student Chapter
http://www.owaspalgeriasc.org
https://www.owasp.org/index.php/Algeria_Student_Chapter
Email: hani.benhabiles () owasp org

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

Attachment: drupal-modules.lst
Description:

Attachment: http-drupal-modules.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/