Nmap Development mailing list archives

Re: [NSE] http-feed.nse

From: David Fifield <david () bamsoftware com>
Date: Fri, 16 Aug 2013 20:38:21 -0700

On Mon, Aug 12, 2013 at 07:04:41PM +0300, George Chatzisofroniou wrote:

The attached script crawls through the website and performs some
pattern-matching to find any rss or atom feeds.  This is pretty useful when
testing the target for feed injection or to determine the underlying framework
based on the feed generator.

There are no options, so you run the script as follows:

./nmap -p80 -n -Pn --script http-feed some-random-page.com -d1

The output looks like this:

 PORT   STATE SERVICE REASON
 80/tcp open  http    syn-ack
 | http-feed: 
 | Spidering limited to: maxpagecount=40; withinhost=some-random-page.com
 |   Found the following feeds: 
 |     RSS (version 2.0): http://www.some-random-page.com/2011/11/20/feed/
 |     RSS (version 2.0): http://www.some-random-page.com/2011/12/04/feed/
 |     RSS (version 2.0): http://www.some-random-page.com/category/animalsfeed/
 |     RSS (version 2.0): http://www.some-random-page.com/comments/feed/
 |_    RSS (version 2.0): http://www.some-random-page.com/feed/

Note that for large web applications, you will have to increase httpspider's
'maxpagecount' value (for example, to a value above 100). But beware because the
script will become more intrusive.


I tried against sectools.org. It found the aggregate feed of all
comments, but not any feeds for individual tools like
http://sectools.org/tool/netcat/feed/.

./nmap --script http-feed -p80 sectools.org --script-args maxpagecount=10 -d
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-feed:
| Spidering limited to: maxpagecount=40; withinhost=sectools.org
|   Found the following feeds:
|_    RSS (version 2.0): http://sectools.org/feed/

It didn't find feeds at secwiki.org. It doesn't seem to understand this
markup on the home page.

<link rel="alternate" type="application/atom+xml" title="SecWiki Atom feed" 
href="/mediawiki/index.php?title=Special:RecentChanges&amp;feed=atom" />

./nmap --script http-feed -p443 secwiki.org --script-args maxpagecount=100 -d
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
|_http-feed: Couldn't find any feeds.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] http-feed.nse George Chatzisofroniou (Aug 12)
- Re: [NSE] http-feed.nse David Fifield (Aug 16)
  - Re: [NSE] http-feed.nse George Chatzisofroniou (Aug 17)
    - Re: [NSE] http-feed.nse David Fifield (Aug 17)
    - Re: [NSE] http-feed.nse George Chatzisofroniou (Aug 17)
- Re: [NSE] http-feed.nse George Chatzisofroniou (Aug 22)