diff --git a/CHANGELOG b/CHANGELOG index 9449b7210..c3083dd52 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added the http-gitweb-projects-enum that queries a gitweb for a list + of Git projects, their authors and descriptions. [riemann] + o [NSE] targets-sniffer now is capable of sniffing IPv6 addresses. [Daniel Miller] diff --git a/scripts/http-gitweb-projects-enum.nse b/scripts/http-gitweb-projects-enum.nse new file mode 100644 index 000000000..5366290c7 --- /dev/null +++ b/scripts/http-gitweb-projects-enum.nse 
@@ -0,0 +1,102 @@ +description=[[ +Gets a list of Git projects, owners and descriptions from a gitweb. +]] + +--- +-- @usage +-- nmap -p80 www.example.com --script http-gitweb-projects-enum +-- +-- @output +-- 80/tcp open http +-- | http-gitweb-projects-enum: +-- | Projects from gitweb.samba.org: +-- | PROJECT AUTHOR DESCRIPTION +-- | sando.git authornum1 no description +-- | camui/san.git devteam no description +-- | albert/tdx.git/.git blueteam no description +-- | +-- | Number of projects: 172 +-- |_ Number of owners: 42 +-- +-- @args http-gitweb.projects-enum.path specifies the location of gitweb +-- (default: /) + +author = "riemann" +license = "Same as Nmap--See http://nmap.org/book/man-legal.html" +categories = {"discovery", "safe"} + +local http = require 'http' +local shortport = require 'shortport' +local tab = require 'tab' + +portrule = shortport.http + +--- +-- @param author bloc (if author name are too long we have a span bloc) +-- @return author name filtred from html entities +--- +get_owner = function(res) + local result=res + if ( res:match(']*%>(.-)%)') do + local regx=']*href="(.-)">(.-)(.-)title="(.-)"(.-)(.-)' + for _, project, _, desc, _, owner in tr_code:gmatch(regx) do + + --if desc result return default text of gitweb replace it by no description + if(string.find(desc,'Unnamed repository')) then + desc='no description' + end + + tab.addrow(repo, project, get_owner(owner), desc) + + -- Protect from parsing errors or long owners + -- just an arbitrary value + if owner:len() < 128 and not owners[owner] then + owners[owner] = true + owners_counter = owners_counter + 1 + end + + projects_counter = projects_counter + 1 + end + end + + table.insert(result,tab.dump(repo)) + table.insert(result, "") + table.insert(result, + string.format("Number of projects: %d", projects_counter)) + if (owners_counter > 0 ) then + table.insert(result, + string.format("Number of owners: %d", owners_counter)) + end + + end + return stdnse.format_output(true,result) 
+end
diff --git a/scripts/script.db b/scripts/script.db
index 39e841174..3f4eba426 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -128,6 +128,7 @@ Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vu
 Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "http-form-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "http-generator.nse", categories = { "default", "discovery", "safe", } }
+Entry { filename = "http-gitweb-projects-enum.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
 Entry { filename = "http-grep.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
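Review bot: In scripts/http-gitweb-projects-enum.nse (the hunk that ends at `+end`), the "Protect from parsing errors or long owners" check runs only after `tab.addrow(repo, project, get_owner(owner), desc)`, so a mis-parsed or oversized cell taken from the remote page is still written to the report, and both the `owner:len() < 128` test and the `owners[owner]` key use the raw cell rather than the filtered name. Compute `local name = get_owner(owner)` once, before the row is added, and use `name` for the length test, the `owners[name]` key and the row itself. `action` also returns `stdnse.format_output(true,result)` while the visible require block loads only `http`, `shortport` and `tab`; unless `stdnse` is loaded in a part of the hunk that did not survive on this page, add `local stdnse = require 'stdnse'`. The pattern strings in this hunk appear to have lost their HTML on this page, so the patterns themselves were not reviewed.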