Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-apache-negotiate.nse
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 8 Dec 2011 21:52:53 +0100

On Tue, Dec 6, 2011 at 4:41 PM, Hani Benhabiles <kroosec () gmail com> wrote:

Hi list,

description = [[
Checks if the target has mod_negotiation is enabled.

The script works by sending requests for resources like index and home
without specifying the extension. If mod_negotiate is enabled (default
Apache configuration), the target would reply with content-location header
containing target resource (such as index.html) and vary header containing
"negotiate" depending on the configuration.
This could be leveraged to find hidden resources and spider a web site
using less requests.

For more information, see:
* http://www.wisec.it/sectou.php?id=4698ebdc59d15
* Metasploit auxiliary module
   /modules/auxiliary/scanner/http/mod_negotiation_scanner.rb
]]

Cheers,
Hani.

--
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Hani,

Thanks for submitting this script, I've committed it as r27382.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault