Nmap Development mailing list archives

Re: converts an nse script that works on HTTP to HTTPS


From: nnposter <nnposter () users sourceforge net>
Date: Sun, 17 Mar 2019 10:26:29 -0600

On 3/9/19 3:44 PM, Russell Fulton wrote:
> With the recent Drupal vulnerability we decided to find all our Drupal instances. Shodan told us about externally visible
> ones and we turned to nmap to check for any that are lurking on the internal network. The problem is that
> 'http-drupal-enum' appears not to know about HTTPS and most of our sites use HTTPS (as a matter of policy). I say
> appears since we told nmap to scan both port 80 and 443 but the scan found only those instances that were listening on port
> 80.

FWIW, I have briefly scanned through the script, not noticing anything that would make it hard-wired for plain HTTP. In other words, the script should work for HTTPS as-is and the reason why it is not might be elsewhere, perhaps due to some TLS idiosyncrasy.

You might try another simple HTTP script, like http-title or http-headers, against your HTTPS instances and see how it goes. Using option "-d" should give you an idea what is failing.

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
