PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 20:51:30 +00:00
Code Issues Projects Releases Wiki Activity

Add http-server-header as a last-ditch means to get httpd version

Browse Source 
See http://seclists.org/nmap-dev/2013/q3/599 for justification.
This commit is contained in:
dmiller
2013-11-08 21:19:36 +00:00
parent 847354e266
commit 3e54536dab
3 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG
View File

@@ -1,5 +1,10 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Add http-server-header script to grab the Server header as a last-ditch
effort to get a software version. This can't be done as a softmatch because
of the need to match non-HTTP services that obey some HTTP requests. [Daniel
Miller]
o [NSE] Add rfc868-time script to get the date and time from an RFC 868 Time o [NSE] Add rfc868-time script to get the date and time from an RFC 868 Time
server. [Daniel Miller] server. [Daniel Miller]

51
scripts/http-server-header.nse Normal file
View File

@@ -0,0 +1,51 @@
local comm = require "comm"
local string = require "string"
local shortport = require "shortport"
local nmap = require "nmap"
description = [[
Uses the HTTP Server header for missing version info. This is currently
infeasible with version probes because of the need to match non-HTTP services
correctly.
]]
---
--@output
-- PORT STATE SERVICE VERSION
-- 80/tcp open http Unidentified Server 1.0
author = "Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"version"}
portrule = function(host, port)
-- Avoid running if -sV scan already got a match
if type(port.version) == "table" and (port.version.name_confidence > 3 or port.version.product ~= nil) then
return false
end
return shortport.http(host,port)
end
action = function(host, port)
local status, result = comm.tryssl(host, port,
"GET / HTTP/1.0\r\n\r\n",
{proto=port.protocol, timeout=5000})
if (not status) then
return nil
end
local http_server = string.match(result, "\nServer:%s*(.-)\r?\n")
if http_server == nil then
return nil
end
port.version = port.version or {}
if port.version.product == nil then
port.version.product = http_server
end
nmap.set_port_version(host, port, "hardmatched")
return
end

1
scripts/script.db
View File

@@ -196,6 +196,7 @@ Entry { filename = "http-rfi-spider.nse", categories = { "intrusive", } }
Entry { filename = "http-robots.txt.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "http-robots.txt.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-robtex-reverse-ip.nse", categories = { "discovery", "external", "safe", } } Entry { filename = "http-robtex-reverse-ip.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "http-robtex-shared-ns.nse", categories = { "discovery", "external", "safe", } } Entry { filename = "http-robtex-shared-ns.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "http-server-header.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "http-sitemap-generator.nse", categories = { "discovery", "intrusive", } } Entry { filename = "http-sitemap-generator.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-slowloris-check.nse", categories = { "safe", "vuln", } } Entry { filename = "http-slowloris-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } } Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }