HTTP Apache Negotiation Scanner

Checks if the target http server has mod_negotiation enabled. This feature can be leveraged to find hidden resources and spider a web site using fewer requests.

The script works by sending requests for resources like index and home without specifying the extension. If mod_negotiate is enabled (default Apache configuration), the target would reply with content-location header containing target resource (such as index.html) and vary header containing "negotiate" depending on the configuration.

For more information, see:

• http://www.wisec.it/sectou.php?id=4698ebdc59d15
• Metasploit auxiliary module /modules/auxiliary/scanner/http/mod_negotiation_scanner.rb