O'Reilly logo

Mastering the Nmap Scripting Engine by Paulino Calderón Pale

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Web application auditing data files

NSE is well-known for its web scanning capabilities, and some of the scripts also require data files to increase their flexibility. Again, as a general recommendation, you should go through them to ensure that they apply to your locale. Let's review what data files are available for web security auditing.

http-fingerprints.lua

This is the most important file related to web scanning in NSE. It contains the fingerprints used by the http-enum script. The http-enum script is the web enumeration script that looks for common application paths and forgotten configuration files; it even detects some web vulnerabilities.

The fingerprints are actually Lua tables. An entry looks somewhat similar to the following:

table.insert(fingerprints, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required