Description
This plugin uses HTTP content negotiation to find new resources. The plugin has three distinct phases:
- Identify if the web server has content negotiation enabled.
- For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds “index.php”, this plugin will perform a request for “/index” with customized headers that will return a list of all files that have “index” as the file name.
- Perform a brute force attack in order to find new resources.
One configurable parameter exists:
- wordlist: The wordlist to be used in the brute force process.
As far as I can tell, the first reference to this technique was written by Stefano Di Paola in his blog (http://www.wisec.it/sectou.php?id=4698ebdc59d15).
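To check whether a server you run exposes file names this way, the response described in the second phase can be parsed offline. The following is an added example, not the plugin's own code: the sample response is constructed, the function names are hypothetical, and it assumes the server lists variants in an RFC 2295 `Alternates` header, as Apache's mod_negotiation does.

```python
import re

# Constructed sample: the kind of 406 response a server with content negotiation
# enabled returns for "/index" when the Accept header matches no variant.
SAMPLE_STATUS = 406
SAMPLE_HEADERS = {
    "Vary": "negotiate,accept",
    "TCN": "list",
    "Alternates": '{"index.php" 1 {type application/x-httpd-php} {length 2048}}, '
                  '{"index.php.bak" 1 {type application/x-trash} {length 2011}}, '
                  '{"index.html" 1 {type text/html} {length 512}}',
}

# One variant entry per RFC 2295: {"<file name>" <quality> {attr value} ...}
_VARIANT = re.compile(r'\{\s*"([^"]+)"\s+[\d.]+')


def parse_alternates(value):
    """Return the variant file names listed in an Alternates header value."""
    return _VARIANT.findall(value or "")


def negotiation_enabled(headers):
    """True when the response headers show server-driven negotiation is active."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return "alternates" in lowered or "negotiate" in lowered.get("vary", "").lower()


def undisclosed_variants(known, headers):
    """Variants the server lists that were not already known from crawling."""
    lowered = {k.lower(): v for k, v in headers.items()}
    listed = parse_alternates(lowered.get("alternates"))
    return sorted(set(listed) - set(known))


if __name__ == "__main__":
    if SAMPLE_STATUS == 406 and negotiation_enabled(SAMPLE_HEADERS):
        for name in undisclosed_variants({"index.php"}, SAMPLE_HEADERS):
            print("listed by negotiation, not found by crawling:", name)
```

If this check fires against your own Apache server, removing `MultiViews` from the `Options` directive stops the variant listing.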
Plugin type
Options
| Name | Type | Default Value | Description | Help |
| --- | --- | --- | --- | --- |
| wordlist | string | plugins/crawl/content_negotiation/common_filenames.db | Wordlist to use in the file name bruteforcing process. | No detailed help available |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.