Nmap Development mailing list archives

[NSE] http-apache-negotiate.nse

From: Hani Benhabiles <kroosec () gmail com>
Date: Tue, 6 Dec 2011 16:41:01 +0100

Hi list,

description = [[
Checks if the target has mod_negotiation is enabled.

The script works by sending requests for resources like index and home
without specifying the extension. If mod_negotiate is enabled (default
Apache configuration), the target would reply with content-location header
containing target resource (such as index.html) and vary header containing
"negotiate" depending on the configuration.
This could be leveraged to find hidden resources and spider a web site
using less requests.

For more information, see:
* http://www.wisec.it/sectou.php?id=4698ebdc59d15
* Metasploit auxiliary module
    /modules/auxiliary/scanner/http/mod_negotiation_scanner.rb
]]

Cheers,
Hani.

-- 
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>

Attachment: http-apache-negotiation.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] http-apache-negotiate.nse Hani Benhabiles (Dec 06)
- Re: [NSE] http-apache-negotiate.nse Patrik Karlsson (Dec 08)