diff --git a/CHANGELOG b/CHANGELOG index fb674febf..b20ac97f5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Updated http-php-version hash database to cover all versions from PHP + 4.1.0 to PHP 5.4.45. Based on scans of a few thousand PHP web servers pulled + from Shodan API (https://www.shodan.io/) [Daniel Miller] + o [GH#272][GH#269] Give option parsing errors after the usage statement, or avoid printing the usage statement in some cases. The options summary has grown quite large, requiring users to scroll to the top to see the error diff --git a/scripts/http-php-version.nse b/scripts/http-php-version.nse index c124b4344..133c4b3e3 100644 --- a/scripts/http-php-version.nse +++ b/scripts/http-php-version.nse @@ -17,6 +17,8 @@ A list of magic queries is at http://www.0php.com/php_easter_egg.php. The script also checks if any header field value starts with "PHP" and reports that value if found. +PHP versions after 5.5.0 do not respond to these queries. + Link: * http://phpsadness.com/sad/11 ]] @@ -25,10 +27,12 @@ Link: -- @output -- PORT STATE SERVICE REASON -- 80/tcp open http syn-ack --- | http-php-version: Versions from logo query (less accurate): 4.3.11, 4.4.0 - 4.4.4, 4.4.9, 5.0.5-2ubuntu1.1, 5.0.5-pl3-gentoo, 5.1.0 - 5.1.2 +-- | http-php-version: Versions from logo query (less accurate): 4.3.11, 4.4.0 - 4.4.9, 5.0.4 - 5.0.5, 5.1.0 - 5.1.2 -- | Versions from credits query (more accurate): 5.0.5 -- |_Version from header x-powered-by: PHP/5.0.5 +-- 2016-02-05: Updated versions based on scans of Internet hosts. Table is +-- likely complete, since new PHP versions are not vulnerable. -- 08/10/2010: -- * Added a check on the http status when querying the server: -- if the http code is 200 (ok), proceed. (thanks to Tom Sellers who has reported this lack of check) @@ -57,44 +61,58 @@ local LOGO_HASHES = { -- PHP Code Guy With Breadsticks (Thies C. Arntzen) ["85be3b4be7bfe839cbb3b4f2d30ff983"] = {"4.0.0 - 4.2.3"}, -- Brown Dog In Grass (Nadia) - ["a57bd73e27be03a62dd6b3e1b537a72c"] = {"4.3.0 - 4.3.10"}, + ["a57bd73e27be03a62dd6b3e1b537a72c"] = {"4.3.0 - 4.3.11"}, -- Elephant - ["fb3bbd9ccc4b3d9e0b3be89c5ff98a14"] = {"5.3.0 - 5.3.18", "5.4.0 - 5.4.8"}, + ["fb3bbd9ccc4b3d9e0b3be89c5ff98a14"] = {"5.3.0 - 5.3.29", "5.4.0 - 5.4.45"}, } local CREDITS_HASHES = { - ["1776a7c1b3255b07c6b9f43b9f50f05e"] = {"5.2.6"}, - ["1ffc970c5eae684bebc0e0133c4e1f01"] = {"5.2.8"}, - ["23f183b78eb4e3ba8b3df13f0a15e5de"] = {"5.3.9 - 5.3.18"}, - ["2e7f5372931a7f6f86786e95871ac947"] = {"5.3.6"}, + ["744aecef04f9ed1bc39ae773c40017d1"] = {"4.0.1pl2", "4.1.0 - 4.1.2", "4.2.2"}, + ["4ba58b973ecde12dafbbd40b54afac43"] = {"4.1.1 OpenVMS"}, + ["8bc001f58bf6c17a67e1ca288cb459cc"] = {"4.2.0 - 4.2.2"}, ["3422eded2fcceb3c89cabb5156b5d4e2"] = {"4.2.3"}, - ["3c31e4674f42a49108b5300f8e73be26"] = {"5.0.0 - 5.0.5"}, - ["50ac182f03fc56a719a41fc1786d937d"] = {"4.3.11", "4.4.0 - 4.4.4", "4.4.9", "5.0.5-2ubuntu1.1", "5.0.5-pl3-gentoo", "5.1.0 - 5.1.2"}, - ["54f426521bf61f2d95c8bfaa13857c51"] = {"5.1.4", "5.2.9 - 5.2.14"}, - ["5518a02af41478cfc492c930ace45ae5"] = {"5.1.0 - 5.1.1"}, + ["1e04761e912831dd29b7a98785e7ac61"] = {"4.3.0"}, + ["1e04761e912831dd29b7a98785e7ac61"] = {"4.3.1"}, + ["65eaaaa6c5fdc950e820f9addd514b8b"] = {"4.3.1 Mandrake Linux"}, + ["8a8b4a419103078d82707cf68226a482"] = {"4.3.2"}, + ["22d03c3c0a9cff6d760a4ba63909faea"] = {"4.3.2"}, -- entity encoded "'" + ["8a4a61f60025b43f11a7c998f02b1902"] = {"4.3.3 - 4.3.5"}, + ["39eda6dfead77a33cc6c63b5eaeda244"] = {"4.3.3 - 4.3.5"}, -- entity encoded "'" + ["913ec921cf487109084a518f91e70859"] = {"4.3.6 - 4.3.8"}, + ["884ba1f11e0e956c7c3ba64e5e33ee9f"] = {"4.3.6 - 4.3.8"}, -- entity encoded + ["c5fa6aec2cf0172a5a1df7082335cf9e"] = {"4.3.8 Mandrake Linux"}, + ["8fbf48d5a2a64065fc26db3e890b9871"] = {"4.3.9 - 4.3.11"}, + ["f9b56b361fafd28b668cc3498425a23b"] = {"4.3.9 - 4.3.11"}, -- entity encoded "'" + ["ddf16ec67e070ec6247ec1908c52377e"] = {"4.4.0"}, + ["3d7612c9927b4c5cfff43efd27b44124"] = {"4.4.0"}, -- entity encoded "'" ["55bc081f2d460b8e6eb326a953c0e71e"] = {"4.4.1"}, - ["56f9383587ebcc94558e11ec08584f05"] = {"5.2.2"}, - ["692a87ca2c51523c17f597253653c777"] = {"4.4.6-0.dotdeb.2"}, - ["6a1c211f27330f1ab602c7c574f3a279"] = {"5.2.0"}, + ["bed7ceff09e9666d96fdf3518af78e0e"] = {"4.4.2 - 4.4.4"}, + ["692a87ca2c51523c17f597253653c777"] = {"4.4.5 - 4.4.7"}, + ["50ac182f03fc56a719a41fc1786d937d"] = {"4.4.8 - 4.4.9"}, + ["3c31e4674f42a49108b5300f8e73be26"] = {"5.0.0 - 5.0.5"}, + ["e54dbf41d985bfbfa316dba207ad6bce"] = {"5.0.0"}, ["6be3565cdd38e717e4eb96868d9be141"] = {"5.0.5"}, + ["b7cf53972b35b5d57f12c9d857b6b507"] = {"5.0.5 ActiveScript"}, + ["5518a02af41478cfc492c930ace45ae5"] = {"5.1.0 - 5.1.1"}, ["6cb0a5ba2d88f9d6c5c9e144dd5941a6"] = {"5.1.2"}, - ["744aecef04f9ed1bc39ae773c40017d1"] = {"4.0.1pl2", "4.1.2", "4.2.2"}, ["82fa2d6aa15f971f7dadefe4f2ac20e3"] = {"5.1.3 - 5.1.6"}, - ["85da0a620fabe694dab1d55cbf1e24c3"] = {"5.4.0 - 5.4.7"}, - ["8a4a61f60025b43f11a7c998f02b1902"] = {"4.3.4"}, - ["8fbf48d5a2a64065fc26db3e890b9871"] = {"4.3.10"}, - ["913ec921cf487109084a518f91e70859"] = {"4.3.2 - 4.3.3", "4.3.6", "4.3.8 - 4.3.10"}, + ["6a1c211f27330f1ab602c7c574f3a279"] = {"5.2.0"}, + ["d3894e19233d979db07d623f608b6ece"] = {"5.2.1"}, + ["56f9383587ebcc94558e11ec08584f05"] = {"5.2.2"}, + ["c37c96e8728dc959c55219d47f2d543f"] = {"5.2.3 - 5.2.5", "5.2.6RC3"}, + ["1776a7c1b3255b07c6b9f43b9f50f05e"] = {"5.2.6"}, + ["1ffc970c5eae684bebc0e0133c4e1f01"] = {"5.2.7 - 5.2.8"}, + ["54f426521bf61f2d95c8bfaa13857c51"] = {"5.2.9 - 5.2.14"}, ["adb361b9255c1e5275e5bd6e2907c5fb"] = {"5.2.15 - 5.2.17"}, + ["db23b07a9b426d0d033565b878b1e384"] = {"5.3.0"}, ["a4c057b11fa0fba98c8e26cd7bb762a8"] = {"5.3.1 - 5.3.2"}, ["b34501471d51cebafacdd45bf2cd545d"] = {"5.3.3"}, - ["bed7ceff09e9666d96fdf3518af78e0e"] = {"4.4.2 - 4.4.4"}, - ["c37c96e8728dc959c55219d47f2d543f"] = {"5.2.3 - 5.2.5"}, - ["d3894e19233d979db07d623f608b6ece"] = {"5.2.1"}, - ["db23b07a9b426d0d033565b878b1e384"] = {"5.3.0"}, ["e3b18899d0ffdf8322ed18d7bce3c9a0"] = {"5.3.4 - 5.3.5"}, - ["e54dbf41d985bfbfa316dba207ad6bce"] = {"5.0.0"}, - ["ebf6d0333d67af5f80077438c45c8eaa"] = {"5.4.8"}, + ["2e7f5372931a7f6f86786e95871ac947"] = {"5.3.6"}, ["f1f1f60ac0dcd700a1ad30aa81175d34"] = {"5.3.7 - 5.3.8"}, + ["23f183b78eb4e3ba8b3df13f0a15e5de"] = {"5.3.9 - 5.3.29"}, + ["85da0a620fabe694dab1d55cbf1e24c3"] = {"5.4.0 - 5.4.14"}, + ["ebf6d0333d67af5f80077438c45c8eaa"] = {"5.4.15 - 5.4.45"}, } action = function(host, port)