o [NSE] Added the http-gitweb-projects-enum that queries a gitweb for a list

of Git projects, their authors and descriptions. [riemann]
2025-12-06 12:41:29 +00:00 · 2012-04-20 12:46:49 +00:00
parent a9d9983fd0
commit 8e5bc1e26e
3 changed files with 106 additions and 0 deletions
--- a/scripts/http-gitweb-projects-enum.nse
+++ b/scripts/http-gitweb-projects-enum.nse
@@ -0,0 +1,102 @@
+description=[[
+Gets a list of Git projects, owners and descriptions from a gitweb.
+]]
+
+---
+-- @usage
+-- nmap -p80 www.example.com --script http-gitweb-projects-enum
+--
+-- @output
+-- 80/tcp open  http
+-- | http-gitweb-projects-enum: 
+-- | Projects from gitweb.samba.org:
+-- |   PROJECT                         AUTHOR            DESCRIPTION
+-- |   sando.git                       authornum1        no description
+-- |   camui/san.git                   devteam           no description
+-- |   albert/tdx.git/.git             blueteam          no description
+-- |
+-- |   Number of projects: 172
+-- |_  Number of owners: 42
+--
+-- @args http-gitweb.projects-enum.path specifies the location of gitweb
+--       (default: /)
+
+author = "riemann"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+local http      = require 'http'
+local shortport = require 'shortport'
+local tab       = require 'tab'
+
+portrule = shortport.http
+
+---
+-- @param author bloc (if author name are too long we have a span bloc)
+-- @return author name filtred from html entities
+---
+get_owner = function(res)
+	local result=res
+	if ( res:match('<span') ) then
+		_,_,result=string.find(res,'title="(.-)"')
+	end
+	return result
+end
+
+action = function(host, port)
+
+	local path = stdnse.get_script_args(SCRIPT_NAME .. '.path') or '/'
+	local response = http.get(host,port,path)
+	local result, result_stats = {}, {}
+	
+	if not response or not response.status or response.status ~= 200 or
+		not response.body then
+		stdnse.print_debug(1, "%s: Failed to retrieve file: %s",
+		    SCRIPT_NAME, path)
+		return
+	end
+
+	local html = response.body
+	local repo=tab.new()
+	tab.addrow(repo,'PROJECT','AUTHOR','DESCRIPTION')
+
+	-- verif generator
+	if (html:match('meta name="generator" content="gitweb(.-)"')) then
+		result['name'] = string.format("Projects from %s:", host.targetname or host.ip)
+		
+		local owners, projects_counter, owners_counter = {}, 0, 0
+		
+		for tr_code in html:gmatch('(%<tr[^<>]*%>(.-)%</tr%>)') do
+			local regx='<a[^<>]*href="(.-)">(.-)</a>(.-)title="(.-)"(.-)<i>(.-)</i>'
+			for _, project, _, desc, _, owner in tr_code:gmatch(regx) do
+
+				--if desc result return default text of gitweb replace it by no description
+				if(string.find(desc,'Unnamed repository')) then
+					desc='no description'
+				end
+				
+				tab.addrow(repo, project, get_owner(owner), desc)
+
+        -- Protect from parsing errors or long owners
+        -- just an arbitrary value
+				if owner:len() < 128 and not owners[owner] then
+					owners[owner] = true
+					owners_counter = owners_counter + 1
+				end
+
+				projects_counter = projects_counter + 1
+			end
+		end
+
+		table.insert(result,tab.dump(repo))
+		table.insert(result, "")
+		table.insert(result,
+			  string.format("Number of projects: %d", projects_counter))
+		if (owners_counter > 0 ) then
+				table.insert(result,
+				    string.format("Number of owners: %d", owners_counter))
+		end
+
+	end
+	return stdnse.format_output(true,result)
+end