mailing list archives
From: Hani Benhabiles <kroosec () gmail com>
Date: Tue, 6 Dec 2011 16:41:01 +0100
description = [[
Checks if the target has mod_negotiation is enabled.
The script works by sending requests for resources like index and home
without specifying the extension. If mod_negotiate is enabled (default
Apache configuration), the target would reply with content-location header
containing target resource (such as index.html) and vary header containing
"negotiate" depending on the configuration.
This could be leveraged to find hidden resources and spider a web site
using less requests.
For more information, see:
* Metasploit auxiliary module
M. Hani Benhabiles
Twitter: kroosec <https://twitter.com/#%21/kroosec>
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- [NSE] http-apache-negotiate.nse Hani Benhabiles (Dec 06)