File `http-open-redirect`

脚本使用类型: portrule
脚本所属分类: discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-open-redirect.nse

User Summary

Spiders a website and attempts to identify open redirects. Open redirects are handlers which commonly take a URL as a parameter and responds with a http redirect (3XX) to the target. Risks of open redirects are described at http://cwe.mitre.org/data/definitions/601.html.

Script Arguments

http-open-redirect.maxdepth

the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)

http-open-redirect.maxpagecount

the maximum amount of pages to visit. A negative value disables the limit (default: 20)

http-open-redirect.url

the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /)

http-open-redirect.withindomain

only spider URLs within the same domain. This widens the scope from withinhost and can not be used in combination. (default: false)

http-open-redirect.withinhost

only spider URLs within the same host. (default: true)

httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

执行格式

nmap --script=http-open-redirect <target>

Script Output

PORT   STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-open-redirect: 
|_  https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f

Requires

Author: Martin Holst Swende

License: VER007 整理 http://www.ver007.com

File http-open-redirect