File http-drupal-modules

脚本使用类型: portrule
脚本所属分类: discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-drupal-modules.nse

User Summary

Enumerates the installed Drupal modules by using a list of known modules.

The script works by iterating over module names and requesting MODULES_PATH/MODULE_NAME/LICENSE.txt. MODULES_PATH is either provied by the user, grepped for in the html body or defaulting to sites/all/modules/. If the response status code is 200, it means that the module is installed. By default, the script checks for the top 100 modules (by downloads), given the huge number of existing modules (~10k).

Script Arguments


The base path. Defaults to /.


Number of modules to check. Use this option with a number or "all" as an argument to test for all modules. Defaults to 100.


The path to the modules folder. If not set, the script will try to find the path or default to sites/all/modules/

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage


nmap --script=http-drupal-modules --script-args http-drupal-modules.root="/path/",http-drupal-modules.number=1000 <targets>

Script Output

Interesting ports on my.woot.blog (
80/tcp open  http    syn-ack
| http-drupal-modules: 
|   views
|   token
|   cck
|   pathauto
|   ctools
|   admin_menu
|   imageapi
|   filefield
|   date
|   imagecache
|   imagefield
|   google_analytics
|   webform
|   jquery_ui
|_  link


Author: Hani Benhabiles

License: VER007 整理 http://www.ver007.com