Web application auditing data files
NSE is well known for its web scanning capabilities, and some of its scripts rely on data files to increase their flexibility. Again, as a general recommendation, you should go through them to ensure that they apply to your locale. Let's review what data files are available for web security auditing.
http-fingerprints.lua
This is the most important file related to web scanning in NSE. It contains the fingerprints used by the http-enum script. The http-enum script is the web enumeration script that looks for common application paths and forgotten configuration files; it even detects some web vulnerabilities.
The fingerprints are actually Lua tables. An entry looks somewhat similar to the following:
table.insert(fingerprints, ...
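A fingerprint entry in the layout of the http-fingerprints.lua file shipped with Nmap, followed by a small structure check you could run over your own custom entries. This is an added example, not code from the book or from the Nmap project. The paths, output strings and the check_fingerprints helper are constructed; the field names (category, probes, path, method, matches, match, output) follow the shipped file.

```lua
local fingerprints = {}
-- Constructed entry: a backup configuration file left under the web root.
table.insert(fingerprints, {
  category = 'general',
  probes = {
    { path = '/example-app/config.bak', method = 'GET' },
    { path = '/example-app/config.old' },  -- no method given
  },
  matches = { { match = '', output = 'Possible configuration backup' } },
})

-- Constructed broken entry: the probe has no path and the match has no output.
table.insert(fingerprints, {
  category = 'general',
  probes = { { method = 'GET' } },
  matches = { { match = 'Index of' } },
})

-- Hypothetical helper: returns a list of structural problems, empty if none.
local function check_fingerprints(fps)
  local problems = {}
  local function note(i, msg)
    problems[#problems + 1] = ('entry %d: %s'):format(i, msg)
  end
  for i, fp in ipairs(fps) do
    if type(fp.category) ~= 'string' then note(i, 'missing category') end
    if type(fp.probes) ~= 'table' or #fp.probes == 0 then
      note(i, 'no probes')
    else
      for j, probe in ipairs(fp.probes) do
        if type(probe) ~= 'table' or type(probe.path) ~= 'string' then
          note(i, ('probe %d has no path'):format(j))
        end
      end
    end
    if type(fp.matches) ~= 'table' or #fp.matches == 0 then
      note(i, 'no matches')
    else
      for j, m in ipairs(fp.matches) do
        if type(m) ~= 'table' or type(m.output) ~= 'string' then
          note(i, ('match %d has no output'):format(j))
        end
      end
    end
  end
  return problems
end

for _, p in ipairs(check_fingerprints(fingerprints)) do print(p) end
```

Running the check before dropping a custom file into Nmap's data directory catches malformed entries early, so a typo does not silently remove a check from your audit.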