Home page logo
/

nmap-dev logo Nmap Development mailing list archives

New script http-drupal-fingerprint
From: Hani Benhabiles <kroosec () gmail com>
Date: Sun, 8 May 2011 23:54:21 +0100

Hey list,

Attached is a NSE script that checks if a website is running Drupal and
possibly detect its version.

How it works.
For Drupal detection it uses two methods:
It checks common patterns in the source like  src="/sites/all/modules/ and
Drupal.settings, { "basePath etc...
These fingerprints are in drupal_fingerprints table.
It also checks for existence and content of certain files like
INSTALL.mysql.txt and update.php
These are stored in drupal_files table.

For version detection:
It actually relies on the CHANGELOG.txt file if found to detect the exact
version used.

As I'm actually working on searching new patterns and methods for Drupal as
well as Joomla and Wordpress, I would like to know what do you think is the
most suitable for further contributions:
- One script that does fingerprinting for all CMS and frameworks. (would get
bloated very fast and will be hard to maintain)
- A script that does fingerprinting for most common CMS (Wordpress, Drupal,
Joomla) and minor separate scripts for different other CMS/ Frameworks.
- One separate script per CMS and framework. (Wouldn't be very interesting I
think.)

--Hani

Attachment: http-drupal-fingerprint.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault