Description

This plugin uses HTTP content negotiation to find new resources. The plugin has three distinct phases:

  • Identify if the web server has content negotiation enabled.
  • For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds “index.php”, this plugin will perform a request for “/index” with customized headers that will return a list of all files that have “index” as the file name.
  • Perform a brute force attack in order to find new resources.
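The sketch below is an added example, not the plugin's own code, showing how the list of files in such a response can be read when auditing a server you run. It assumes the server reports variants in an RFC 2295 `Alternates` header; the probe `Accept` value, the function names and the sample headers are constructed for illustration.

```python
import re

# Assumed probe value: an Accept type no server can satisfy, so negotiation
# fails and the server lists its variants instead of choosing one.
PROBE_HEADERS = {"Accept": "application/x-no-such-type; q=1.0"}

# One RFC 2295 variant entry looks like: {"index.php" 1 {type text/html}}
VARIANT_RE = re.compile(r'\{\s*"([^"]+)"\s+([\d.]+)')

# Constructed sample of response headers for a request to "/index".
SAMPLE_HEADERS = {
    "TCN": "list",
    "Vary": "negotiate,accept",
    "Alternates": '{"index.php" 1 {type application/x-httpd-php} {length 812}}, '
                  '{"index.php.bak" 1 {type application/x-trash} {length 790}}, '
                  '{"index.html" 1 {type text/html} {length 204}}',
}

def probe_path(found_name):
    """Map an already known resource to the extension-less path to request."""
    base = found_name.rsplit("/", 1)[-1]
    stem = base.split(".", 1)[0]
    return found_name[: len(found_name) - len(base)] + stem

def negotiation_enabled(headers):
    """Phase 1: the server negotiates if it answers with an Alternates header."""
    return any(name.lower() == "alternates" for name in headers)

def parse_alternates(headers):
    """Phase 2: return the variant file names listed in the Alternates header."""
    lowered = {name.lower(): value for name, value in headers.items()}
    matches = VARIANT_RE.findall(lowered.get("alternates", ""))
    return [variant for variant, _quality in matches]

def unexpected_variants(found_name, headers):
    """Variants other than the known file: candidates for review or removal."""
    base = found_name.rsplit("/", 1)[-1]
    return [v for v in parse_alternates(headers) if v != base]

if __name__ == "__main__":
    print("request:", probe_path("index.php"), PROBE_HEADERS)
    print("enabled:", negotiation_enabled(SAMPLE_HEADERS))
    print("review :", unexpected_variants("index.php", SAMPLE_HEADERS))
```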

One configurable parameter exists:

  • wordlist: The wordlist to be used in the bruteforce process.

As far as I can tell, the first reference to this technique was written by Stefano Di Paola in his blog (http://www.wisec.it/sectou.php?id=4698ebdc59d15).

Plugin type

Crawl

Options

| Name | Type | Default Value | Description | Help |
|------|------|---------------|-------------|------|
| wordlist | string | plugins/crawl/content_negotiation/common_filenames.db | Wordlist to use in the file name bruteforcing process. | No detailed help available |

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
  • Plugin source code
  • Unittest source code

Dependencies

This plugin has no dependencies.