Rename scripts (almost all of them) to make their names more consistent and

make them look better in output. The full list of changes is anonFTP => ftp-anon ASN => asn-query brutePOP3 => pop3-brute bruteTelnet => telnet-brute daytimeTest => daytime dns-safe-recursion-port => dns-random-srcport dns-safe-recursion-txid => dns-random-txid dns-test-open-recursion => dns-recursion ftpbounce => ftp-bounce HTTPAuth => http-auth HTTP_open_proxy => http-open-proxy HTTPpasswd => http-passwd HTTPtrace => http-trace iax2Detect => iax2-version ircServerInfo => irc-info ircZombieTest => irc-zombie MSSQLm => ms-sql-info MySQLinfo => mysql-info popcapa => pop3-capabilities PPTPversion => pptp-version promiscuous => sniffer-detect RealVNC_auth_bypass => realvnc-auth-bypass robots => robots.txt showHTMLTitle => html-title showOwner => identd-owners skype_v2-version => skypev2-version smb-enumdomains => smb-enum-domains smb-enumsessions => smb-enum-sessions smb-enumshares => smb-enum-shares smb-enumusers => smb-enum-users smb-serverstats => smb-server-stats smb-systeminfo => smb-system-info SMTPcommands => smtp-commands SMTP_openrelay_test => smtp-open-relay SNMPcommunitybrute => snmp-brute SNMPsysdescr => snmp-sysdescr SQLInject => sql-injection SSH-hostkey => ssh-hostkey SSHv1-support => sshv1 SSLv2-support => sslv2 strangeSMTPport => smtp-strangeport UPnP-info => upnp-info xamppDefaultPass => xampp-default-auth zoneTrans => zone-transfer
2025-12-06 04:31:29 +00:00 · 2008-11-06 02:52:59 +00:00
parent ddf146cb30
commit 6fbc8868a9
46 changed files with 129 additions and 126 deletions
--- a/scripts/http-auth.nse
+++ b/scripts/http-auth.nse
@@ -0,0 +1,69 @@
+description = [[
+Gets the authentication scheme and realm of a web service that requires
+authentication.
+]]
+
+---
+-- @output
+-- |  http-auth: HTTP Service requires authentication
+-- |_   Auth type: Basic, realm = DSL Router
+
+-- HTTP authentication information gathering script
+-- rev 1.1 (2007-05-25)
+
+author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"default", "auth", "intrusive"}
+
+require "shortport"
+require "http"
+
+portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"})
+
+action = function(host, port)
+  local realm,scheme,result
+  local basic = false
+
+  local answer = http.get( host, port, "/" )
+
+  --- check for 401 response code
+  if answer.status == 401 then
+    result = "HTTP Service requires authentication\n"
+
+    -- split www-authenticate header
+    local auth_headers = {}
+    local pcre = pcre.new('\\w+( (\\w+=("[^"]+"|\\w+), *)*(\\w+=("[^"]+"|\\w+)))?',0,"C")
+    local match = function( match ) table.insert(auth_headers, match) end
+    pcre:gmatch( answer.header['www-authenticate'], match )
+
+    for _, value in pairs( auth_headers ) do
+      result = result .. "  Auth type: "
+      scheme, realm = string.match(value, "(%a+).-[Rr]ealm=\"(.-)\"")
+      if scheme == "Basic" then
+        basic = true
+      end
+      if realm ~= nil then
+        result = result .. scheme .. ", realm = " .. realm .. "\n"
+      else
+        result = result .. string.match(value, "(%a+)") .. "\n"
+      end
+    end
+  end
+
+  if basic then
+    answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}})
+    if answer.status ~= 401 and answer.status ~= 403 then
+      result = result .. "  HTTP server may accept user=\"admin\" with blank password for Basic authentication\n"
+    end
+
+    answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4"}})
+    if answer.status ~= 401 and answer.status ~= 403 then
+      result = result .. "  HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n"
+    end
+  end
+
+  return result
+end
+