mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00

Update http-server-header in a few ways

1. Use "softmatched" to let Nmap print the service fingerprint for the
user to submit.

2. Run even if version detection got a good match. This allows it to be
run by-name, or to provide additional info if available. Existing match
will not be clobbered, though.

3. Use comm.lua's default timeouts. Also, no need to pass port.protocol,
since comm.tryssl will use the port table directly.

4. XML output
dmiller
2014-09-20 05:40:44 +00:00
parent d50436def8
commit 5db940fc70


@@ -14,29 +14,25 @@ correctly.
--@output
-- PORT STATE SERVICE VERSION
-- 80/tcp open http Unidentified Server 1.0
--@args
-- http-server-header.skip If set, this script will not run. Useful for
-- printing service fingerprints to submit to Nmap.org
--
-- PORT STATE SERVICE VERSION
-- 80/tcp open http Unidentified Server 1.0
-- | http-server-header:
-- |_ Server: Unidentified Server 1.0
--
--@xmloutput
--<elem key="Server">Unidentified Server 1.0</elem>
author = "Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"version"}
portrule = function(host, port)
if stdnse.get_script_args(SCRIPT_NAME .. ".skip") then
return false
end
-- Avoid running if -sV scan already got a match
if type(port.version) == "table" and (port.version.name_confidence > 3 or port.version.product ~= nil) then
return false
end
return (shortport.http(host,port) and nmap.version_intensity() >= 7)
end
action = function(host, port)
local status, result = comm.tryssl(host, port,
"GET / HTTP/1.0\r\n\r\n",
{proto=port.protocol, timeout=5000})
local status, result = comm.tryssl(host, port, "GET / HTTP/1.0\r\n\r\n")
if (not status) then
return nil
@@ -52,17 +48,15 @@ action = function(host, port)
local http_server = string.match(result, "\nServer:%s*(.-)\r?\n")
if port.version.product == nil then
-- Avoid setting version info if -sV scan already got a match
if port.version.product == nil and port.version.name_confidence <= 3 then
port.version.product = http_server
-- Setting "softmatched" allows the service fingerprint to be printed
nmap.set_port_version(host, port, "softmatched")
end
nmap.set_port_version(host, port, "hardmatched")
if nmap.verbosity() > 0 then
return [[
Software version grabbed from Server header.
Consider submitting a service fingerprint.
Run with --script-args http-server-header.skip
]]
if nmap.verbosity() > 0 and http_server then
return {Server=http_server}
else
return nil
end
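Review bot: The new guard in the second hunk, `if port.version.product == nil and port.version.name_confidence <= 3 then`, does not check that a Server header was actually matched, so when `http_server` is nil the port is still marked "softmatched" with no product set; putting `http_server and` at the front of the condition would limit the update to responses that carry the header. The captured value is whatever the scanned host chooses to send, and it now flows into both `port.version.product` and the structured `{Server=http_server}` result, so a short comment at the assignment noting that it is untrusted remote data would help later maintainers. The unchanged pattern `"\nServer:%s*(.-)\r?\n"` is case-sensitive, so a host answering with `server:` would be missed, which looks unintended given that HTTP field names are case-insensitive. The `action` function begins in the first hunk and its closing `end` lies outside the visible lines.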