File http-drupal-modules

脚本使用类型: portrule
脚本所属分类: discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-drupal-modules.nse

User Summary

Enumerates the installed Drupal modules by using a list of known modules.

The script works by iterating over module names and requesting MODULES_PATH/MODULE_NAME/LICENSE.txt. MODULES_PATH is either provied by the user, grepped for in the html body or defaulting to sites/all/modules/. If the response status code is 200, it means that the module is installed. By default, the script checks for the top 100 modules (by downloads), given the huge number of existing modules (~10k).

Script Arguments

http-drupal-modules.root

The base path. Defaults to /.

http-drupal-modules.number

Number of modules to check. Use this option with a number or "all" as an argument to test for all modules. Defaults to 100.

http-drupal-modules.modules_path

The path to the modules folder. If not set, the script will try to find the path or default to sites/all/modules/

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

Example Usage

执行格式

nmap --script=http-drupal-modules --script-args http-drupal-modules.root="/path/",http-drupal-modules.number=1000 <targets>

Script Output

Interesting ports on my.woot.blog (123.123.123.123):
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-drupal-modules: 
|   views
|   token
|   cck
|   pathauto
|   ctools
|   admin_menu
|   imageapi
|   filefield
|   date
|   imagecache
|   imagefield
|   google_analytics
|   webform
|   jquery_ui
|_  link

Requires

• http
• io
• nmap
• pcre
• shortport
• stdnse
• string
• table

Author: Hani Benhabiles

License: VER007 整理 http://www.ver007.com