o [NSE] Added the http-gitweb-projects-enum that queries a gitweb for a list
of Git projects, their authors and descriptions. [riemann]
@@ -1,5 +1,8 @@
|
|||||||
# Nmap Changelog ($Id$); -*-text-*-
|
# Nmap Changelog ($Id$); -*-text-*-
|
||||||
|
|
||||||
|
o [NSE] Added the http-gitweb-projects-enum that queries a gitweb for a list
|
||||||
|
of Git projects, their authors and descriptions. [riemann]
|
||||||
|
|
||||||
o [NSE] targets-sniffer now is capable of sniffing IPv6 addresses.
|
o [NSE] targets-sniffer now is capable of sniffing IPv6 addresses.
|
||||||
[Daniel Miller]
|
[Daniel Miller]
|
||||||
|
|
||||||
|
|||||||
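--- a/scripts/http-gitweb-projects-enum.nse
+++ b/scripts/http-gitweb-projects-enum.nse
@@ -0,0 +1,102 @@
+description=[[
+Gets a list of Git projects, owners and descriptions from a gitweb.
+]]
+
+---
+-- @usage
+-- nmap -p80 www.example.com --script http-gitweb-projects-enum
+--
+-- @output
+-- 80/tcp open http
+-- | http-gitweb-projects-enum:
+-- | Projects from gitweb.samba.org:
+-- | PROJECT AUTHOR DESCRIPTION
+-- | sando.git authornum1 no description
+-- | camui/san.git devteam no description
+-- | albert/tdx.git/.git blueteam no description
+-- |
+-- | Number of projects: 172
+-- |_ Number of owners: 42
+--
+-- @args http-gitweb.projects-enum.path specifies the location of gitweb
+-- (default: /)
+
+author = "riemann"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+local http = require 'http'
+local shortport = require 'shortport'
+local tab = require 'tab'
+
+portrule = shortport.http
+
+---
+-- @param author bloc (if author name are too long we have a span bloc)
+-- @return author name filtred from html entities
+---
+get_owner = function(res)
+local result=res
+if ( res:match('<span') ) then
+_,_,result=string.find(res,'title="(.-)"')
+end
+return result
+end
+
+action = function(host, port)
+
+local path = stdnse.get_script_args(SCRIPT_NAME .. '.path') or '/'
+local response = http.get(host,port,path)
+local result, result_stats = {}, {}
+
+if not response or not response.status or response.status ~= 200 or
+not response.body then
+stdnse.print_debug(1, "%s: Failed to retrieve file: %s",
+SCRIPT_NAME, path)
+return
+end
+
+local html = response.body
+local repo=tab.new()
+tab.addrow(repo,'PROJECT','AUTHOR','DESCRIPTION')
+
+-- verif generator
+if (html:match('meta name="generator" content="gitweb(.-)"')) then
+result['name'] = string.format("Projects from %s:", host.targetname or host.ip)
+
+local owners, projects_counter, owners_counter = {}, 0, 0
+
+for tr_code in html:gmatch('(%<tr[^<>]*%>(.-)%</tr%>)') do
+local regx='<a[^<>]*href="(.-)">(.-)</a>(.-)title="(.-)"(.-)<i>(.-)</i>'
+for _, project, _, desc, _, owner in tr_code:gmatch(regx) do
+
+--if desc result return default text of gitweb replace it by no description
+if(string.find(desc,'Unnamed repository')) then
+desc='no description'
+end
+
+tab.addrow(repo, project, get_owner(owner), desc)
+
+-- Protect from parsing errors or long owners
+-- just an arbitrary value
+if owner:len() < 128 and not owners[owner] then
+owners[owner] = true
+owners_counter = owners_counter + 1
+end
+
+projects_counter = projects_counter + 1
+end
+end
+
+table.insert(result,tab.dump(repo))
+table.insert(result, "")
+table.insert(result,
+string.format("Number of projects: %d", projects_counter))
+if (owners_counter > 0 ) then
+table.insert(result,
+string.format("Number of owners: %d", owners_counter))
+end
+
+end
+return stdnse.format_output(true,result)
+end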
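Review bot: `stdnse` is called three times in `action` (`stdnse.get_script_args`, `stdnse.print_debug`, `stdnse.format_output`) but the file only requires `http`, `shortport` and `tab`, so unless the NSE environment supplies `stdnse` as a global the script fails at the first call; add `local stdnse = require 'stdnse'` next to the other requires. The `@args` line documents `http-gitweb.projects-enum.path`, while the code reads `SCRIPT_NAME .. '.path'`, which presumably resolves to `http-gitweb-projects-enum.path`, so the doc comment should use the hyphenated name. The `owner:len() < 128` guard only protects the owner counter: the row is added through `tab.addrow(repo, project, get_owner(owner), desc)` before that check, so arbitrarily long or mis-parsed fields from the remote page still reach the report, and `get_owner` can return nil when a `<span` carries no `title="..."`. `get_owner` should also be declared `local`, and `result_stats` is never used.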
@@ -128,6 +128,7 @@ Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vu
|
|||||||
Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
|
Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
|
||||||
Entry { filename = "http-form-brute.nse", categories = { "brute", "intrusive", } }
|
Entry { filename = "http-form-brute.nse", categories = { "brute", "intrusive", } }
|
||||||
Entry { filename = "http-generator.nse", categories = { "default", "discovery", "safe", } }
|
Entry { filename = "http-generator.nse", categories = { "default", "discovery", "safe", } }
|
||||||
|
Entry { filename = "http-gitweb-projects-enum.nse", categories = { "discovery", "safe", } }
|
||||||
Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
|
Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
|
||||||
Entry { filename = "http-grep.nse", categories = { "discovery", "safe", } }
|
Entry { filename = "http-grep.nse", categories = { "discovery", "safe", } }
|
||||||
Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
|
Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
|
||||||
|
|||||||