
File http-rfi-spider

Script rule type: portrule
Script categories: intrusive
Script download: http://nmap.org/svn/scripts/http-rfi-spider.nse

User Summary

Crawls webservers in search of RFI (remote file inclusion) vulnerabilities. It tests every form field it finds and every parameter of a URL containing a query.

Script Arguments

http-rfi-spider.withinhost

only spider URLs within the same host. (default: true)

http-rfi-spider.url

the URL to start spidering. This is a URL relative to the scanned host, e.g. /default.html (default: /)

http-rfi-spider.withindomain

only spider URLs within the same domain. This widens the scope from withinhost and cannot be used in combination with it. (default: false)

http-rfi-spider.inclusionurl

the URL we will try to include; defaults to http://www.yahoo.com/search?p=rfi

http-rfi-spider.maxdepth

the maximum number of directories beneath the initial URL to spider. A negative value disables the limit. (default: 3)

http-rfi-spider.maxpagecount

the maximum number of pages to visit. A negative value disables the limit. (default: 20)

http-rfi-spider.pattern

the pattern to search for in response.body to determine whether the inclusion was successful; defaults to '<a href="http://search.yahoo.com/info/submit.html">Submit Your Site</a>'

httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

Command format

nmap --script http-rfi-spider -p80 <host>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-rfi-spider: 
|   Possible RFI in form at path: /pio/rfi_test2.php, action: /rfi_test2.php for fields:
|     color
|_    inc
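As an added example (not part of the http-rfi-spider script or the Nmap project), this is the defender's view of the probe described in the summary and shown in the output above: a Python check over constructed access-log lines that flags requests in which a query parameter carries an absolute or protocol-relative URL, which is the trace this script leaves when it injects inclusionurl into URL parameters. The log lines, client IPs and paths are constructed for the example; the regexes and function names are this example's own.

```python
# Added example, not code from the Nmap script: detect RFI probes of the kind
# http-rfi-spider sends by finding query-parameter values that are themselves
# URLs. SAMPLE_LOG is constructed combined-log-format data.
import re
from urllib.parse import parse_qsl, urlsplit

# Request field of a combined-format line: "GET /path?query HTTP/1.1"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A value with a scheme ("http://...") or protocol-relative ("//host/...") is an inclusion attempt.
URL_VALUE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)

# Constructed sample: line 1 is a benign request, line 2 carries the script's default
# inclusionurl (percent-encoded as a client would send it), line 3 a protocol-relative URL.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /pio/rfi_test2.php?color=red&inc=header.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /pio/rfi_test2.php?color=http%3A%2F%2Fwww.yahoo.com%2Fsearch%3Fp%3Drfi&inc=header.php HTTP/1.1" 200 2048
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /pio/rfi_test2.php?color=red&inc=//203.0.113.99/x HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 1024
"""


def find_rfi_probes(log_text):
    """Return (client_ip, path, param) for every query parameter whose decoded value is a URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values, so an encoded "http%3A%2F%2F" is still caught.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if URL_VALUE_RE.match(value):
                hits.append((m.group("ip"), parts.path, name))
    return hits


def summarize(hits):
    """Group flagged parameters per path, in the spirit of the script's own report."""
    by_path = {}
    for _ip, path, param in hits:
        by_path.setdefault(path, set()).add(param)
    return {path: sorted(params) for path, params in by_path.items()}


if __name__ == "__main__":
    for path, params in summarize(find_rfi_probes(SAMPLE_LOG)).items():
        print(f"Possible RFI probe against {path} for fields: {', '.join(params)}")
```

Form-field probes (POST bodies) are not visible in a standard access log, so this check only covers the URL-parameter half of what the script tests.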

Requires


Author: Piotr Olma

License: compiled by VER007, http://www.ver007.com