mirror of https://github.com/nmap/nmap.git synced 2025-12-10 09:49:05 +00:00

Added some checks for http response's body being nil.

perdo
2012-07-23 22:47:11 +00:00
parent a1abb40d50
commit 8025ba5a5a
5 changed files with 9 additions and 6 deletions


@@ -1795,6 +1795,7 @@ end
-- @return A list of forms. -- @return A list of forms.
function grab_forms(body) function grab_forms(body)
local forms = {} local forms = {}
if not body then return forms end
local form_start_expr = '<%s*[Ff][Oo][Rr][Mm]' local form_start_expr = '<%s*[Ff][Oo][Rr][Mm]'
local form_end_expr = '</%s*[Ff][Oo][Rr][Mm]>' local form_end_expr = '</%s*[Ff][Oo][Rr][Mm]>'
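Review bot: The doc comment above `grab_forms` still describes only the string case, although the new guard makes a nil body a supported input. The `@return` line should say so, for example `-- @return A list of forms (empty if body is nil).`, and the `@param` text (outside this hunk) should note that nil is accepted. The function body continues past the end of the hunk.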


@@ -100,7 +100,7 @@ action = function(host, port)
end end
nmap.registry.auth_urls[r.url] = "HTTP" nmap.registry.auth_urls[r.url] = "HTTP"
-- FORM-based authentication -- FORM-based authentication
else elseif r.response.body then
-- attempt to detect a password input form field -- attempt to detect a password input form field
if ( r.response.body:match("<[Ii][Nn][Pp][Uu][Tt].-[Tt][Yy][Pp][Ee]%s*=\"*[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]") ) then if ( r.response.body:match("<[Ii][Nn][Pp][Uu][Tt].-[Tt][Yy][Pp][Ee]%s*=\"*[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]") ) then
tab.addrow(auth_urls, r.url, "FORM") tab.addrow(auth_urls, r.url, "FORM")
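Review bot: The password-field pattern on the line after the new `elseif` accepts only an unquoted or double-quoted attribute value (`=\"*`), so a page that writes `type='password'` or puts whitespace after `=` is not reported as FORM authentication. Widening that part to `%s*=%s*[\"']?[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]` would close the gap. Separately, a response with no body is now skipped silently; a debug line in that branch would make it visible why a crawled URL was not evaluated. The enclosing `action` function starts and ends outside the hunk.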


@@ -67,9 +67,11 @@ function action(host, port)
end end
-- Collect each e-mail address and build a unique index of them -- Collect each e-mail address and build a unique index of them
for email in r.response.body:gmatch(EMAIL_PATTERN) do if r.response.body then
emails[email] = true for email in r.response.body:gmatch(EMAIL_PATTERN) do
end emails[email] = true
end
end
end end
-- if no email addresses were collected abort -- if no email addresses were collected abort


@@ -91,7 +91,7 @@ action = function(host, port)
local matches = {} local matches = {}
local body = r.response.body local body = r.response.body
-- try to match the url and body -- try to match the url and body
if ( body:match( match ) or tostring(r.url):match(match) ) then if body and ( body:match( match ) or tostring(r.url):match(match) ) then
local count = select(2, body:gsub(match, match)) local count = select(2, body:gsub(match, match))
for match in body:gmatch(match) do for match in body:gmatch(match) do
table.insert(matches, "+ " .. shortenMatch(match)) table.insert(matches, "+ " .. shortenMatch(match))
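Review bot: The count line `select(2, body:gsub(match, match))` passes the search pattern as the replacement string too, so on Lua 5.2 and later a pattern containing `%` followed by a non-digit (such as `%d+`) raises "invalid use of '%' in replacement string". Counting with `select(2, body:gsub(match, "%0"))` avoids interpreting the pattern as a replacement. The new `body and (...)` guard also means a URL that matches is no longer reported when the response has no body; if URL-only hits matter, the URL test needs its own branch, because the lines below call `body:gsub` and `body:gmatch`. The loop variable `match` shadows the pattern of the same name and would read better renamed. The enclosing `action` function starts and ends outside the hunk.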


@@ -66,7 +66,7 @@ local function getReflected(parsed, r)
local q = url.parse_query(parsed.query) local q = url.parse_query(parsed.query)
-- Check the values (and keys) and see if they are reflected in the page -- Check the values (and keys) and see if they are reflected in the page
for k,v in pairs(q) do for k,v in pairs(q) do
if r.response.body:find(v, 1, true) then if r.response.body and r.response.body:find(v, 1, true) then
dbg("Reflected content %s=%s", k,v) dbg("Reflected content %s=%s", k,v)
reflected_values[k] = v reflected_values[k] = v
count = count +1 count = count +1
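Review bot: With the plain-text search `r.response.body:find(v, 1, true)`, an empty `v` always matches at position 1, so if `url.parse_query` can return an empty string for a parameter such as `?a=`, that parameter is counted as reflected on every page with a body. The condition could be `if body and v ~= "" and body:find(v, 1, true) then`, with `local body = r.response.body` hoisted above the loop since it does not change per iteration. The comment says keys are checked as well, but only `v` is searched for here. `getReflected` starts and ends outside the hunk.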