PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Add http-generator.nse by Michael Kohl.

Browse Source
This commit is contained in:
david
2012-01-12 19:45:11 +00:00
parent dbdbe4e077
commit 1a9700019f
3 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added http-generator.nse by Michael Kohl, which gets version
information for web applications that set the "generator" meta
element.
o [NSE] Added the script broadcast-pppoe-discover that discovers PPPoE servers o [NSE] Added the script broadcast-pppoe-discover that discovers PPPoE servers
on the LAN using the PPPoE Discovery Protocol. [Patrik] on the LAN using the PPPoE Discovery Protocol. [Patrik]

49
scripts/http-generator.nse Normal file
View File

@@ -0,0 +1,49 @@
description = [[
Displays the contents of the "generator" meta tag if there is one.
]]
author = "Michael Kohl"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
---
-- @usage
-- nmap -p 80,443 --script http-generator <host>
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-generator: TYPO3 4.2 CMS
-- 443/tcp open https
-- |_http-generator: TYPO3 4.2 CMS
--- TODO:
-- add arg for web path
-- add arg for maximum number of redirects
require('http')
require('shortport')
portrule = shortport.http
action = function(host, port)
local response, loc, generator
-- Worst case: <meta name=Generator content="Microsoft Word 11">
local pattern = '<meta name="?generator"? content="([^\"]*)" ?/?>'
-- make pattern case-insensitive
pattern = pattern:gsub("%a", function (c)
return string.format("[%s%s]", string.lower(c),
string.upper(c))
end)
response = http.get(host, port, '/')
-- deals with only one redirect
if response['status-line']:lower():match("^http/1.1 30[12]") then
loc = response.header['location']
response = http.get_url(loc)
end
return response.body:match(pattern)
end

1
scripts/script.db
View File

@@ -106,6 +106,7 @@ Entry { filename = "http-email-harvest.nse", categories = { "discovery", "safe",
Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } } Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-form-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "http-form-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-generator.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } } Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
Entry { filename = "http-grep.nse", categories = { "discovery", "safe", } } Entry { filename = "http-grep.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } } Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }