The nmap.org site offers vulnerability and intrusion detection scripts at http://nmap.org/nsedoc/
nmap --script=http-methods.nse --script-args http-methods.retest=1 <@adressehost>
....
80/tcp open http
| http-methods: GET HEAD POST OPTIONS TRACE
| Potentially risky methods: TRACE
| See http://nmap.org/nsedoc/scripts/http-methods.html
| GET / -> HTTP/1.1 403 Forbidden
|
| HEAD / -> HTTP/1.1 403 Forbidden
|
| POST / -> HTTP/1.1 404 Not Found
|
| OPTIONS / -> HTTP/1.1 200 OK
|
|_TRACE / -> HTTP/1.1 200 OK
...
nmap --script=http-enum.nse <@adressehost>
.....
8080/tcp open http-proxy
| http-enum:
| /manager/: Possible admin folder
| /web-console/ServerInfo.jsp: JBoss Console
| /web-console/Invoker: JBoss Console
| /invoker/: JBoss Console
|_ /jmx-console/: JBoss Console
.....
nmap --script=http-vuln-cve2011-3192.nse -pT:80,443 <@adressehost>
.....
80/tcp open http
| http-vuln-cve2011-3192:
| VULNERABLE:
| Apache byterange filter DoS
| State: VULNERABLE
| IDs: CVE:CVE-2011-3192 OSVDB:74721
| Description:
| The Apache web server is vulnerable to a denial of service attack when numerous
| overlapping byte ranges are requested.
| Disclosure date: 2011-08-19
| References:
| http://seclists.org/fulldisclosure/2011/Aug/175
| http://nessus.org/plugins/index.php?view=single&id=55976
| http://osvdb.org/74721
|_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
.....
nmap --script=http-vuln-cve2010-0738.nse <@adressehost>
.....
8080/tcp open http-proxy
| http-vuln-cve2010-0738:
|_ /jmx-console/: Authentication was not required
....
These scripts are available on BackTrack 5 under root.
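
To triage results like the ones above across many hosts, the script blocks can be parsed from nmap's normal output and reduced to the lines that need follow-up. This is an added example, not part of the original page or of nmap; `parse_scripts` and `triage` are hypothetical helper names, `SAMPLE` is constructed from the output shown above, and treating a lowercase `name:` in column 2 as a script id is a heuristic assumption.

```python
import re

# Constructed sample, modelled on the scan output shown above.
SAMPLE = """\
80/tcp open http
| http-methods: GET HEAD POST OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-vuln-cve2011-3192:
|   VULNERABLE:
|   Apache byterange filter DoS
|     State: VULNERABLE
|_    IDs: CVE:CVE-2011-3192 OSVDB:74721
8080/tcp open http-proxy
| http-vuln-cve2010-0738:
|_  /jmx-console/: Authentication was not required
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+\S+")
# Heuristic (assumption): a script id is a lowercase token right after "| " or "|_".
SCRIPT_RE = re.compile(r"^\|[ _]([a-z0-9-]+):\s*(.*)$")

def parse_scripts(text):
    """Return {port: {script_id: [output lines]}} from nmap normal output."""
    result, port, script = {}, None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, script = int(m.group(1)), None
            result[port] = {}
            continue
        if port is None or not line.startswith("|"):
            continue
        m = SCRIPT_RE.match(line)
        if m:  # first line of a script block
            script = m.group(1)
            result[port][script] = [m.group(2)] if m.group(2) else []
        elif script:  # continuation line of the current block
            result[port][script].append(line[2:].strip())
        if line.startswith("|_"):
            script = None  # "|_" marks the last line of a block
    return result

def triage(parsed):
    """Return sorted (port, script, line) tuples that deserve a follow-up."""
    hits = []
    for port, scripts in parsed.items():
        for name, lines in scripts.items():
            hits += [(port, name, l) for l in lines
                     if l.startswith("Potentially risky methods:")
                     or l == "State: VULNERABLE"
                     or "Authentication was not required" in l]
    return sorted(hits)
```
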