This module detects robots.txt files on web servers and analyzes their content.
The robots.txt file is meant to be honored by web crawlers and bots: it lists
locations that are not to be indexed, or that are specifically called out to be
indexed. Because it names those locations explicitly, it can be abused to reveal
interesting information about areas of a site that an admin may not want to be
public knowledge.

You can use almost any web application to test this module, as robots.txt is
extremely common.
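
To see what the module is looking for, you can also fetch a robots.txt file by
hand. The following is a minimal standalone Ruby sketch, not code from the
module itself, and `example.com` is only a placeholder. It requests
`/robots.txt` and prints the `Disallow` paths, which are usually the entries
worth investigating:

```ruby
require 'net/http'
require 'uri'

# Placeholder target; substitute a host you are authorized to test.
base = URI('http://example.com')

# Request /robots.txt exactly as a crawler (or the scanner) would.
res = Net::HTTP.get_response(URI.join(base.to_s, '/robots.txt'))

if res.is_a?(Net::HTTPSuccess)
  # Each Disallow line names a path the site owner asked crawlers to skip,
  # which is often exactly the area worth a closer look.
  res.body.scan(/^\s*Disallow:\s*(\S+)/i).flatten.uniq.each do |path|
    puts URI.join(base.to_s, path)
  end
else
  puts "No robots.txt found (HTTP #{res.code})"
end
```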
To verify the module:

1. `use auxiliary/scanner/http/robots_txt`
2. `set rhosts [ip]`
3. `run`
4. You should see the robots.txt file content in the output.

The `PATH` option sets the test path where the scanner will try to find the
robots.txt file. The default is `/`.
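
For example, if robots.txt is served from somewhere other than the web root
(the path below is purely illustrative), point the scanner at that location
before running:

```
msf auxiliary(robots_txt) > set PATH /app/
msf auxiliary(robots_txt) > run
```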
A run against a single host that publishes a robots.txt file looks like this:

```
msf > use auxiliary/scanner/http/robots_txt
msf auxiliary(robots_txt) > set RHOSTS 172.217.19.238
msf auxiliary(robots_txt) > run
[*] [172.217.19.238] /robots.txt found
[+] Contents of Robots.txt:
User-agent: *
Disallow: /search
Allow: /search/about
Disallow: /sdch
Disallow: /groups
Disallow: /index.html?
Disallow: /?
[...Truncated...]
User-agent: facebookexternalhit
Allow: /imgres
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
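
Because this is a scanner module, `RHOSTS` also accepts ranges and `THREADS`
controls concurrency. A sweep across a subnet (the addresses here are
hypothetical) might look like:

```
msf > use auxiliary/scanner/http/robots_txt
msf auxiliary(robots_txt) > set RHOSTS 192.168.1.0/24
msf auxiliary(robots_txt) > set THREADS 10
msf auxiliary(robots_txt) > run
```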