Fingerprinting CakePHP applications with Nmap

I commited a new Nmap NSE script called ‘http-cakephp-version’ that identifies the version of CakePHP applications. 


./nmap --script http-cakephp-version <host/ip>

Sample output

$ ./nmap --script http-cakephp-version -p80 -v
Starting Nmap 5.51SVN ( ) at 2011-05-30 03:08 PDT
NSE: Loaded 1 scripts for scanning.
Initiating Ping Scan at 03:08
Scanning ( [2 ports]
Completed Ping Scan at 03:08, 0.34s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 03:08
Completed Parallel DNS resolution of 1 host. at 03:08, 13.00s elapsed
Initiating Connect Scan at 03:08
Scanning ( [1 port]
Discovered open port 80/tcp on
Completed Connect Scan at 03:08, 0.38s elapsed (1 total ports)
NSE: Script scanning
Initiating NSE at 03:08
Completed NSE at 03:08, 4.63s elapsed
Nmap scan report for (
Host is up (0.35s latency).
80/tcp open  http
| http-cakephp-version: Version of codebase: 1.3.x
| Version of icons: 1.3.x
|_Default stylesheet has an unknown hash: 2c2393fa72edd21a1dc2c4f665316dde
Read data files from: /home/cldrn/projects/nmap/src
Nmap done: 1 IP address (1 host up) scanned in 18.88 seconds


Update your copy of Nmap to get this and other great scripts available.

Leave a Reply

Your email address will not be published. Required fields are marked *