From 5db940fc7044006200a5db575e61cb4bc8ddec13 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Sat, 20 Sep 2014 05:40:44 +0000
Subject: [PATCH] Update http-server-header in a few ways

1. Use "softmatched" to let Nmap print the service fingerprint for the user to submit.
2. Run even if version detection got a good match. This allows it to be run by-name, or to provide additional info if available. Existing match will not be clobbered, though.
3. Use comm.lua's default timeouts. Also, no need to pass port.protocol, since comm.tryssl will use the port table directly.
4. XML output
---
 scripts/http-server-header.nse | 36 ++++++++++++++--------------------
 1 file changed, 15 insertions(+), 21 deletions(-)

diff --git a/scripts/http-server-header.nse b/scripts/http-server-header.nse
index 207ad26d5..e27284381 100644
--- a/scripts/http-server-header.nse
+++ b/scripts/http-server-header.nse
@@ -14,29 +14,25 @@ correctly.
 --@output
 -- PORT STATE SERVICE VERSION
 -- 80/tcp open http Unidentified Server 1.0
---@args
--- http-server-header.skip If set, this script will not run. Useful for
--- printing service fingerprints to submit to Nmap.org
+--
+-- PORT STATE SERVICE VERSION
+-- 80/tcp open http Unidentified Server 1.0
+-- | http-server-header:
+-- |_ Server: Unidentified Server 1.0
+--
+--@xmloutput
+--Unidentified Server 1.0
 author = "Daniel Miller"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 categories = {"version"}
 portrule = function(host, port)
- if stdnse.get_script_args(SCRIPT_NAME .. ".skip") then
- return false
- end
- -- Avoid running if -sV scan already got a match
- if type(port.version) == "table" and (port.version.name_confidence > 3 or port.version.product ~= nil) then
- return false
- end
 return (shortport.http(host,port) and nmap.version_intensity() >= 7)
 end
 action = function(host, port)
- local status, result = comm.tryssl(host, port,
- "GET / HTTP/1.0\r\n\r\n",
- {proto=port.protocol, timeout=5000})
+ local status, result = comm.tryssl(host, port, "GET / HTTP/1.0\r\n\r\n")
 if (not status) then
 return nil
@@ -52,17 +48,15 @@ action = function(host, port)
 local http_server = string.match(result, "\nServer:%s*(.-)\r?\n")
- if port.version.product == nil then
+ -- Avoid setting version info if -sV scan already got a match
+ if port.version.product == nil and port.version.name_confidence <= 3 then
 port.version.product = http_server
+ -- Setting "softmatched" allows the service fingerprint to be printed
+ nmap.set_port_version(host, port, "softmatched")
 end
- nmap.set_port_version(host, port, "hardmatched")
- if nmap.verbosity() > 0 then
- return [[
-Software version grabbed from Server header.
-Consider submitting a service fingerprint.
-Run with --script-args http-server-header.skip
-]]
+ if nmap.verbosity() > 0 and http_server then
+ return {Server=http_server}
 else
 return nil
 end
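Review bot: Dropping the `type(port.version) == "table"` test from portrule removes the only guard the script had before action reads `port.version.product` and `port.version.name_confidence` unconditionally; if NSE can ever hand this script a port whose version sub-table is absent (the old guard suggests the author once thought so), those reads now raise a Lua error instead of the script quietly skipping. If the host/port API guarantees the table, say so where the guard used to be: `-- port.version is always a table for a scanned port, so no type check is needed before action reads it`. The `--@xmloutput` example also reads as a bare value with no element wrapper; if that is not just this rendering stripping tags, it should show the structured form the returned `{Server=...}` table produces. The action function's body continues past this hunk.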
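Review bot: The new `and http_server` guard was added only to the return path, so when the response carries no Server header the version block still runs: `port.version.product = http_server` assigns nil and `nmap.set_port_version(host, port, "softmatched")` softmatches the port with no product at all, which is the opposite of the "existing match will not be clobbered" intent. Hoisting the check keeps the version table untouched in that case: `if http_server and port.version.product == nil and port.version.name_confidence <= 3 then`. Note too that the Server value is attacker-controlled and the context-line match `"\nServer:%s*(.-)\r?\n"` takes it from anywhere in `result`, not only the header block, so it deserves a comment marking it untrusted before it lands in `port.version` and the XML output. The closing `end` of action may lie outside this hunk.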