Nmap Development mailing list archives

Re: Detect Subversion running on port 80 using Apache


From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Mar 2010 13:08:49 -0600

On Wed, Mar 24, 2010 at 09:49:16AM -0700, Kevin Longfellow wrote:
> The http-methods script didn't reveal anything about Subversion.  Can
> you give me a few hints how to go about adding this functionality?
> Would the http-methods script be the best starting point?  Do I need
> to do packet traces and look for something in particular?

http-methods doesn't know anything specifically about Subversion, but
you can use it to check for the WebDAV methods used by Subversion. For
example,

$ nmap --script=http-methods --script-args http-methods.url-path=/svn/trunk -p 80 libdnet.googlecode.com
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-methods: OPTIONS GET HEAD POST DELETE TRACE PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK CHECKOUT
| Potentially risky methods: DELETE TRACE PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK CHECKOUT
|_See http://nmap.org/nsedoc/scripts/http-methods.html

To make a script more specific to Subversion detection, yes, you would
want to do a packet trace to see what kind of requests are sent by the
Subversion client, or consult the protocol documentation.

A difficulty I didn't think of before is that you will probably have to
know the path to the Subversion repository on the server (/svn/trunk
above) because the web server can return different methods for different
URLs.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
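
The per-path check described in the message above, as an added example that is not part of the original post or of Nmap: it parses the Allow header of OPTIONS responses and compares paths. The sample responses are constructed, and treating versioning (DeltaV) methods as a hint of a Subversion-style repository is an assumption of this sketch, not proof of Subversion.

```python
# WebDAV (RFC 4918) and versioning-extension (RFC 3253, DeltaV) method names.
WEBDAV = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
DELTAV = {"VERSION-CONTROL", "REPORT", "CHECKOUT", "CHECKIN", "UNCHECKOUT",
          "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL",
          "MKACTIVITY"}

# Constructed sample OPTIONS responses (not captured traffic). The second
# one carries the method list shown in the http-methods output above,
# split over two Allow headers with mixed case to exercise the parser.
SAMPLES = {
    "/": "HTTP/1.1 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS,TRACE\r\n\r\n",
    "/svn/trunk": ("HTTP/1.1 200 OK\r\n"
                   "Allow: OPTIONS, GET, HEAD, POST, DELETE, TRACE\r\n"
                   "allow: PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK,CHECKOUT\r\n"
                   "\r\n"),
}

def parse_allow(raw_response):
    """Collect the methods from every Allow header of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    methods = set()
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "allow":      # header names are case-insensitive
            methods |= {m.strip().upper() for m in value.split(",") if m.strip()}
    return methods

def classify(methods):
    """Return (verdict, webdav_methods, deltav_methods) for one path.

    Heuristic (assumption): versioning methods mark a candidate for a
    Subversion-style repository; it still needs confirming by other means.
    """
    dav, deltav = methods & WEBDAV, methods & DELTAV
    if deltav:
        verdict = "deltav"
    elif dav:
        verdict = "webdav"
    else:
        verdict = "plain-http"
    return verdict, sorted(dav), sorted(deltav)

def survey(responses):
    """Map each path to its verdict, showing that the answer depends on the URL."""
    return {path: classify(parse_allow(raw))[0] for path, raw in responses.items()}

if __name__ == "__main__":
    for path, verdict in survey(SAMPLES).items():
        print(path, verdict)
```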

