Modified multiple scripts that operated against HTTP based services so as to remove false positives that were generated when the target service answers with a 200 response to all requests.

Some scripts that had been previously modified were updated so that the debug output was consistent. A few scripts were calling identify_404 with host.ip as opposed to the proper host object. This has been adjusted as well.
2025-12-08 21:51:28 +00:00 · 2012-07-08 12:41:37 +00:00
parent 0968973b4a
commit 644595d077
8 changed files with 46 additions and 15 deletions
--- a/3
+++ b/3
@@ -1,4 +1,7 @@
 # Nmap Changelog ($Id$); -*-text-*-
 o [NSOCK] Modified multiple scripts that operated against HTTP based services
  so as to remove false positives that were generated when the target service 
  answers with a 200 response to all requests. [Tom Sellers]
 o [NSE] Added metasploit-info script which uses Metasploit RPC service to get
  information about the remote system. [Aleksandar Nikolic]
--- a/scripts/http-cakephp-version.nse
+++ b/scripts/http-cakephp-version.nse
@@ -59,9 +59,10 @@ action = function(host, port)
 	local output_lines
 	local installation_version
-        local _, http_status, _ = http.identify_404( host.ip,port)
+	-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
 	local _, http_status, _ = http.identify_404(host,port)
 	if ( http_status == 200 ) then
-          stdnse.print_debug(1, "%s:HTTP server always return status 200. Exiting to avoid false positives", SCRIPT_NAME)
+		stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
 		return false
 	end
--- a/scripts/http-default-accounts.nse
+++ b/scripts/http-default-accounts.nse
@@ -226,6 +226,13 @@ action = function(host, port)
  local basepath = stdnse.get_script_args("http-default-accounts.basepath") or "/"
  local output_lns = {}
  -- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
  local _, http_status, _ = http.identify_404(host,port)
  if ( http_status == 200 ) then
    stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
    return false
  end
  --Load fingerprint data or abort 
  status, fingerprints = load_fingerprints(fingerprint_filename, category)
  if(not(status)) then
--- a/scripts/http-huawei-hg5xx-vuln.nse
+++ b/scripts/http-huawei-hg5xx-vuln.nse
@@ -81,9 +81,9 @@ including PPPoE credentials, firmware version, model, gateway, dns servers and a
     }
  -- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
-  local _, http_status, _ = http.identify_404(host.ip,port)
+  local _, http_status, _ = http.identify_404(host,port)
  if ( http_status == 200 ) then
-    stdnse.print_debug(1, "%s:Exiting due to ambiguous response from web server. All URIs return status 200", SCRIPT_NAME)
+    stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
    return false
  end
--- a/scripts/http-malware-host.nse
+++ b/scripts/http-malware-host.nse
@@ -49,6 +49,12 @@ action = function(host, port)
 		return stdnse.format_output(false, "Unknown pages return a 302 response; unable to check")
 	end
 	-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the test
 	if ( result_404 == 200 ) then
 		stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
 		return false
 	end
 	-- Perform a GET request on the file
 	result = http.get_url("http://" .. host.ip .. ":" .. port.number .. "/ts/in.cgi?open2")
 	if(not(result)) then
@@ -73,4 +79,3 @@ action = function(host, port)
 		return nil
 	end
 end
--- a/scripts/http-method-tamper.nse
+++ b/scripts/http-method-tamper.nse
@@ -48,6 +48,13 @@ action = function(host, port)
 		paths = { paths }
 	end
 	-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
 	local _, http_status, _ = http.identify_404(host,port)
 	if ( http_status == 200 ) then
 		stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
 		return false
 	end
 	-- fallback to jmx-console
 	paths = paths or {"/jmx-console/"}
--- a/scripts/membase-http-info.nse
+++ b/scripts/membase-http-info.nse
@@ -122,8 +122,9 @@ end
 action = function(host, port)
 	-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
-  local _, http_status, _ = http.identify_404( host.ip,port)
+	local _, http_status, _ = http.identify_404(host,port)
 	if ( http_status == 200 ) then
 		stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
 		return false
 	end
--- a/scripts/riak-http-info.nse
+++ b/scripts/riak-http-info.nse
@@ -113,6 +113,13 @@ action = function(host, port)
 		return
 	end
 	-- Identify servers that answer 200 to invalid HTTP requests and exit as these would invalidate the tests
 	local _, http_status, _ = http.identify_404(host,port)
 	if ( http_status == 200 ) then
 		stdnse.print_debug(1, "%s: Exiting due to ambiguous response from web server on %s:%s. All URIs return status 200.", SCRIPT_NAME, host.ip, port.number)
 		return false
 	end
 	-- Silently abort if the server responds as anything different than
 	-- MochiWeb
 	if ( response.header['server'] and