Add http-generator.nse by Michael Kohl.

2025-12-08 21:51:28 +00:00 · 2012-01-12 19:45:11 +00:00
parent dbdbe4e077
commit 1a9700019f
3 changed files with 54 additions and 0 deletions
--- a/4
+++ b/4
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [NSE] Added http-generator.nse by Michael Kohl, which gets version
+  information for web applications that set the "generator" meta
+  element.
+
 o [NSE] Added the script broadcast-pppoe-discover that discovers PPPoE servers
  on the LAN using the PPPoE Discovery Protocol. [Patrik]

--- a/scripts/http-generator.nse
+++ b/scripts/http-generator.nse
@@ -0,0 +1,49 @@
+description = [[
+Displays the contents of the "generator" meta tag if there is one.
+]]
+
+author = "Michael Kohl"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+---
+-- @usage
+-- nmap -p 80,443 --script http-generator <host>
+-- @output
+-- PORT    STATE SERVICE
+-- 80/tcp  open  http
+-- |_http-generator: TYPO3 4.2 CMS
+-- 443/tcp open  https
+-- |_http-generator: TYPO3 4.2 CMS
+
+--- TODO:
+-- add arg for web path
+-- add arg for maximum number of redirects
+
+require('http')
+require('shortport')
+
+portrule = shortport.http
+
+action = function(host, port)
+   local response, loc, generator
+   -- Worst case: <meta name=Generator content="Microsoft Word 11">
+   local pattern = '<meta name="?generator"? content="([^\"]*)" ?/?>'
+
+   -- make pattern case-insensitive
+   pattern = pattern:gsub("%a", function (c)
+               return string.format("[%s%s]", string.lower(c),
+                                              string.upper(c))
+             end)
+
+   response = http.get(host, port, '/')
+
+   -- deals with only one redirect
+   if response['status-line']:lower():match("^http/1.1 30[12]") then
+      loc = response.header['location']
+      response = http.get_url(loc)
+   end
+
+   return response.body:match(pattern)
+
+end
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -106,6 +106,7 @@ Entry { filename = "http-email-harvest.nse", categories = { "discovery", "safe",
 Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
 Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "http-form-brute.nse", categories = { "brute", "intrusive", } }
+Entry { filename = "http-generator.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
 Entry { filename = "http-grep.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }