http-open-redirect
Script type:
portrule
Script categories:
discovery, intrusive
Script download: http://nmap.org/svn/scripts/http-open-redirect.nse
Spiders a website and attempts to identify open redirects. Open redirects are handlers that commonly take a URL as a parameter and respond with an HTTP redirect (3XX) to the target. The risks of open redirects are described at http://cwe.mitre.org/data/definitions/601.html.
the maximum number of directories beneath the initial URL to spider. A negative value disables the limit. (default: 3)
the maximum number of pages to visit. A negative value disables the limit. (default: 20)
the URL to start spidering. This is a URL relative to the scanned host, e.g. /default.html (default: /)
only spider URLs within the same domain. This widens the scope from withinhost and cannot be used in combination with it. (default: false)
only spider URLs within the same host. (default: true)
Usage
nmap --script=http-open-redirect <target>
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-open-redirect:
|_  https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f
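An added example, not part of the nmap script or of the original page: the condition behind a finding like the one above, written as an offline Python check over (request URL, status, Location) records taken from a crawl or proxy log. The names `redirect_params`, `findings` and `SAMPLES` are hypothetical, and every status and Location value in the sample records is constructed; only the first request URL comes from the sample output.

```python
from urllib.parse import urlsplit, parse_qsl


def redirect_params(request_url, status, location):
    """Return the query parameter names whose URL value sets the redirect target.

    A record is reported only when all three hold: the status is 3XX, the
    Location header points at a different host than the request, and a query
    parameter of the request names that same host.
    """
    if not (300 <= status < 400) or not location:
        return []
    req = urlsplit(request_url)
    loc = urlsplit(location)
    # A relative or same-host Location is an ordinary internal redirect.
    if not loc.hostname or loc.hostname == req.hostname:
        return []
    hits = []
    for name, value in parse_qsl(req.query, keep_blank_values=True):
        # parse_qsl percent-decodes, so http%3A%2f%2f... is compared as http://...
        target = urlsplit(value)
        if target.hostname and target.hostname == loc.hostname:
            hits.append(name)
    return hits


def findings(records):
    """Keep only the records where a parameter controls an off-host redirect."""
    out = []
    for url, status, location in records:
        params = redirect_params(url, status, location)
        if params:
            out.append((url, params))
    return out


# Constructed sample records: (request URL, response status, Location header).
SAMPLES = [
    ("https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f",
     302, "http://scanme.nmap.org/"),                    # parameter sets the target
    ("https://foobar.target.se/login?next=%2Faccount", 302, "/account"),  # relative
    ("https://foobar.target.se/old?ref=mail", 301, "https://www.target.se/new"),
    ("https://foobar.target.se/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f",
     200, None),                                         # no redirect issued
]

if __name__ == "__main__":
    for url, params in findings(SAMPLES):
        print(f"open redirect via {params}: {url}")
```

The third record redirects off-host but is not reported, because no request parameter names the destination; a fixed cross-host redirect is not the weakness CWE-601 describes.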
Author: Martin Holst Swende
License: Compiled by VER007 http://www.ver007.com