PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

New script: http-mcmp. Closes #304

Browse Source
This commit is contained in:
dmiller
2016-06-25 19:23:26 +00:00
parent 72f3a17c60
commit 1c16a55227
3 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added http-mcmp for detecting mod_cluster Management Protocol (MCMP)
and dumping its configuration. [Frank Spierings]
o [Nping] Nping is now fully compatible with Npcap. [Daniel Miller] o [Nping] Nping is now fully compatible with Npcap. [Daniel Miller]
o [GH#279][Zenmap] Added a legend for the Topography window. [Suraj Hande] o [GH#279][Zenmap] Added a legend for the Topography window. [Suraj Hande]

70
scripts/http-mcmp.nse Normal file
View File

@@ -0,0 +1,70 @@
description = [[
Checks if the webserver allows mod_cluster management protocol (MCMP) methods.
The script sends a MCMP PING message to determine protocol support, then issues
the DUMP command to dump the current configuration seen by mod_cluster_manager.
References:
* https://developer.jboss.org/wiki/Mod-ClusterManagementProtocol
]]
---
-- @output
-- | http-mcmp:
-- | status: Mod_cluster Management Protocol enabled
-- | version: 1.2.0.Final
-- | dump:
-- | balancer: [1] Name: mycluster Sticky: 1 [JSESSIONID]/[jsessionid] remove: 0 force: 0 Timeout: 0 maxAttempts: 1
-- | node: [1:1],Balancer: mycluster,JVMRoute: 2ca5eb39-053e-336f-8708-85f753a3adf2,LBGroup: [],Host: 155.250.130.22,Port: 11000,Type: http,flushpackets: 0,flushwait: 10,ping: 10,smax: 1,ttl: 60,timeout: 0
-- | node: [2:2],Balancer: mycluster,JVMRoute: 3fef9557-32f8-309f-9b9a-af1e6951ee17,LBGroup: [],Host: 155.250.130.21,Port: 11000,Type: http,flushpackets: 0,flushwait: 10,ping: 10,smax: 1,ttl: 60,timeout: 0
-- | host: 1 [localhost] vhost: 1 node: 1
-- | host: 2 [localhost] vhost: 1 node: 2
-- | context: 1 [/stisvc] vhost: 1 node: 1 status: 1
-- |_context: 2 [/stisvc] vhost: 1 node: 2 status: 1
--
--
--<elem key="status">Mod_cluster Management Protocol enabled</elem>
--<elem key="version">1.3.1.Final</elem>
--<elem key="dump">&#xa;balancer: [1] Name: seta-cluster-jboss Sticky: 1 [JSESSIONID]/[jsessionid] remove: 0 force: 0 Timeout: 0 maxAttempts: 1&#xa;node: [1:1],Balancer: seta-cluster-jboss,JVMRoute: sv-seta-sas-jb1,LBGroup: [],Host: 10.20.98.38,Port: 8009,Type: ajp,flushpackets: 0,flushwait: 10,ping: 10,smax: 2,ttl: 60,timeout: 0&#xa;node: [2:2],Balancer: seta-cluster-jboss,JVMRoute: sv-seta-sas-jb2,LBGroup: [],Host: 10.20.98.39,Port: 8009,Type: ajp,flushpackets: 0,flushwait: 10,ping: 10,smax: 2,ttl: 60,timeout: 0&#xa;host: 1 [example.com] vhost: 1 node: 1&#xa;host: 2 [localhost] vhost: 1 node: 1&#xa;host: 3 [default-host] vhost: 1 node: 1&#xa;host: 4 [example.com] vhost: 1 node: 2&#xa;host: 5 [localhost] vhost: 1 node: 2&#xa;host: 6 [default-host] vhost: 1 node: 2&#xa;context: 1 [/cgs] vhost: 1 node: 1 status: 1&#xa;context: 2 [/RequisicaoSeta] vhost: 1 node: 1 status: 1&#xa;context: 3 [/prodex-ensaio] vhost: 1 node: 1 status: 1&#xa;context: 4 [/gestordeacessos] vhost: 1 node: 1 status: 1&#xa;</elem>
author = "Frank Spierings"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}
local stdnse = require "stdnse"
local shortport = require "shortport"
local http = require "http"
local nmap = require "nmap"
local table = require "table"
portrule = shortport.http
action = function(host, port)
local output = stdnse.output_table()
local response = http.generic_request(host, port, 'PING', '/')
if (response.status == 200 and http.response_contains(response, "Type=PING%-RSP")) then
output.status = 'Mod_cluster Management Protocol enabled'
if response.header.server then
local version = response.header.server:match('mod_cluster/(%d[%w%._%-]*)')
if version then
output.version = version
local cpe_found = false
port.version.cpe = port.version.cpe or {}
for _, cpe in ipairs(port.version.cpe) do
cpe_found = cpe:match('mod_cluster')
if cpe_found then break end
end
if not cpe_found then
table.insert(port.version.cpe, ("cpe:/a:redhat:mod_cluster:%s"):format(version))
nmap.set_port_version(host, port, "hardmatched")
end
end
end
response = http.generic_request(host, port, 'DUMP', '/')
if (response.status == 200) then
output.dump = "\n" .. response.body
end
return output
end
end

1
scripts/script.db
View File

@@ -194,6 +194,7 @@ Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exp
Entry { filename = "http-ls.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "http-ls.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } } Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } } Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } }
Entry { filename = "http-mcmp.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-method-tamper.nse", categories = { "auth", "vuln", } } Entry { filename = "http-method-tamper.nse", categories = { "auth", "vuln", } }
Entry { filename = "http-methods.nse", categories = { "default", "safe", } } Entry { filename = "http-methods.nse", categories = { "default", "safe", } }
Entry { filename = "http-mobileversion-checker.nse", categories = { "discovery", "safe", } } Entry { filename = "http-mobileversion-checker.nse", categories = { "discovery", "safe", } }