Home page logo

nmap-dev logo Nmap Development mailing list archives

[NSE] New script http-backup-finder
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 10 Dec 2011 11:37:01 +0100

Hi all,

I've made a bunch of improvements to the httpspider, made some changes to
the http-email-harvest script and just commited a new script called
The new scripts crawls a site and then attempts to find backup files by
requesting known backup patterns eg: index.html~, index.bak etc.
I noticed some weird responses on some systems claiming to have files based
on the Mac OS pattern "index copy.html".
In all cases so far, this has been a symptom of mod_negotiation triggering
for some reason, returning the index.html page instead.
Don't know what to make of this, except for maybe escaping the url so that
it would become "index%20copy.htm" instead, as this does not trigger

Patrik Karlsson
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]