When pentesting web applications, there are certain checks that need to be done to every file in a web server. Tasks such as looking for forgotten backup files may reveal the application source code or database passwords. The Nmap Scripting Engine supports web crawling to help us with tasks that require a list of existing files on a web server.

This recipe will show you how to write an NSE script that will crawl a web server looking for files with a .php extension and perform an injection test via the variable $_SERVER["PHP_SELF"] to find reflected Cross Site Scripting vulnerabilities.