Nmap Development mailing list archives
[NSE] http-dir-brute
From: Hani Benhabiles <kroosec () gmail com>
Date: Fri, 18 Nov 2011 21:58:45 +0100
Hi list, Attached is a script that uses brute forcing to discover directories in a web site using the already provided list nselib/data/http-folder.txt. description = [[ Tries to discover interesting directories within the target web site. The script works by brute forcing the target web site using a list of widely used names for folders. A response with a status different than 404 means the directory probably exists. ]] --- -- @args http-dir-brute.root If set, points to the target base path. Defaults to "/" -- -- @usage -- nmap --script=http-dir-brute --script-arg http-dir-brute.root="/site/" <target> -- --@output -- PORT STATE SERVICE -- 80/tcp open http -- | http-dir-brute: -- | /admin : 403 -- | /batch : 403 -- | /blog : 200 -- | /cache : 301 -- | /cgi-bin : 301 -- | /cgi-sys : 301 -- | /contact : 200 -- | /controlpanel : 301 -- |_ /phpmyadmin : 301 I've also updated http-folder.txt, taking off the leading and trailing "/" and also cleaning duplicates. Cheers, -- M. Hani Benhabiles Blog: http://kroosec.blogspot.com Twitter: @kroosec
Attachment:
http-folders.txt
Description:
Attachment:
http-dir-brute.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-dir-brute Hani Benhabiles (Nov 18)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 19)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 20)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 20)
- Message not available
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 21)
- Re: [NSE] http-dir-brute Ron (Nov 21)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 22)
- Re: [NSE] http-dir-brute David Fifield (Nov 22)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 23)
- RE: [NSE] http-dir-brute Rob Nicholls (Nov 22)
- Re: [NSE] http-dir-brute Ron (Nov 23)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 20)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 19)