PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-24 08:29:04 +00:00
Code Issues Projects Releases Wiki Activity

o [NSE] Added a new script http-put.nse that allows uploading of local files

Browse Source 
to remote web servers using the HTTP PUT method. Added HTTP PUT support to
  the http library. [Patrik]
This commit is contained in:
patrik
2011-10-20 02:32:51 +00:00
parent 4fb375b96d
commit 005322c8d4
4 changed files with 83 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
scripts/http-put.nse Normal file
View File

@@ -0,0 +1,52 @@
description = [[
Uploads a local file to a remote web server using the HTTP PUT method.
]]
---
-- @usage
-- nmap -p 80 <ip> --script http-put --script-args http-put.url='/uploads/rootme.php',http-put.file='/tmp/rootme.php'
--
-- @output
-- PORT STATE SERVICE
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-put: /uploads/rootme.php was successfully created
--
-- @args http-put.file - The full path to the local file that should be uploaded to the server
-- @args http-put.url - The remote directory and filename to store the file to e.g. (/uploads/file.txt)
--
--
--
-- Version 0.1
-- Created 10/15/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
--
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "discovery", "safe"}
require 'shortport'
require 'stdnse'
require 'http'
portrule = shortport.port_or_service( {80, 443}, {"http", "https"}, "tcp", "open")
action = function( host, port )
local fname, url = stdnse.get_script_args('http-url.file', 'http-put.url')
if ( not(fname) or not(url) ) then return end
local f = io.open(fname, "r")
if ( not(f) ) then return ("ERROR: Failed to open file: %s"):format(fname) end
local content = f:read("*all")
f:close()
local response = http.put(host, port, url, nil, content)
if ( response.status == 200 or response.status == 204 ) then
return ("%s was successfully created"):format(url)
end
return ("ERROR: %s could not be created"):format(url)
end

2
scripts/script.db
View File

@@ -96,6 +96,7 @@ Entry { filename = "http-methods.nse", categories = { "default", "safe", } }
Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-php-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-put.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "http-robots.txt.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-trace.nse", categories = { "discovery", "safe", "vuln", } }
@@ -214,6 +215,7 @@ Entry { filename = "smtp-vuln-cve2011-1720.nse", categories = { "intrusive", "vu
Entry { filename = "smtp-vuln-cve2011-1764.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "sniffer-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "snmp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "snmp-brute2.nse", categories = { "auth", "intrusive", } }
Entry { filename = "snmp-interfaces.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-ios-config.nse", categories = { "intrusive", } }
Entry { filename = "snmp-netstat.nse", categories = { "default", "discovery", "safe", } }