-- NSE script metadata: `description` is the summary text shown for this script.
-- RFI = remote file inclusion.
description = [[ Spiders websites in search of RFI vulnerabilities in forms and parameters. ]]

---
-- @usage
-- nmap --script http-rfi-spider -p 80 <host>
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-rfi-spider:
-- |   Possible RFI in form at path: /pio/rfi_test2.php, action: ./rfi_test2.php for fields:
-- |     color
-- |_    inc
--
-- @args http-rfi-spider.maxdepth the maximum number of directories beneath
--       the initial URL to spider. A negative value disables the limit.
--       (default: 3)
-- @args http-rfi-spider.maxpagecount the maximum number of pages to visit.
--       A negative value disables the limit. (default: 20)
-- @args http-rfi-spider.url the URL to start spidering from. This is a URL
--       relative to the scanned host, e.g. /default.html (default: /)
-- @args http-rfi-spider.withinhost only spider URLs within the same host.
--       (default: true)
-- @args http-rfi-spider.withindomain only spider URLs within the same
--       domain. This widens the scope compared with withinhost and cannot
--       be combined with it. (default: false)
--

author = "Piotr Olma"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- The script is listed only in the "intrusive" category, so it is not part of
-- Nmap's default script set (-sC) and has to be selected explicitly.
categories = {"intrusive"}

-- Libraries loaded by the script. Only `string` is used in the part of the
-- listing that is visible here.
local shortport = require 'shortport'
local http = require 'http'
local stdnse = require 'stdnse'
local url = require 'url'
local httpspider = require 'httpspider'
local string = require 'string'
local table = require 'table'

-- NOTE(review): the listing is cut off inside check_response. The string
-- literal passed to string.find is unterminated and the rest of the function
-- is missing, so the function is reproduced exactly as it appears.
local function check_response(body)
  -- this is a random part of google.com code
  return string.find(body, '