Add path and redirects handling to http-generator.nse.

Patch by Michael Kohl.
2025-12-24 16:39:03 +00:00 · 2012-01-13 23:48:01 +00:00
parent 96052bfa9e
commit e32c22aa22
1 changed files with 43 additions and 11 deletions
--- a/scripts/http-generator.nse
+++ b/scripts/http-generator.nse
@@ -8,25 +8,64 @@ categories = {"default", "discovery", "safe"}

 ---
 -- @usage
-- nmap -p 80,443 --script http-generator <host>
+-- nmap --script http-generator [--script-args http-generator.path=<path>,http-generator.redirects=<number>,...] <host>
+--
 -- @output
 -- PORT    STATE SERVICE
 -- 80/tcp  open  http
 -- |_http-generator: TYPO3 4.2 CMS
 -- 443/tcp open  https
 -- |_http-generator: TYPO3 4.2 CMS
+--
+-- @args http-generator.path Specify the path you want to check for a generator meta tag (default to '/').
+-- @args http-generator.redirects Specify the maximum number of redirects to follow (defaults to 3).
+
+--- Changelog:
+-- 2011-12-23 Michael Kohl <citizen428@gmail.com>:
+--   + Initial version
+-- 2012-01-10 Michael Kohl <citizen428@gmail.com>:
+--   + update documentation
+--   + make pattern case insensitive
+--   + only follow first redirect
+-- 2012-01-11 Michael Kohl <citizen428@gmail.com>:
+--   + more generic pattern
+--   + simplified matching
+-- 2012-01-13 Michael Kohl <citizen428@gmail.com>:
+--   + add http-generator.path argument
+--   + add http-generator.redirects argument
+--   + restructure redirect handling
+--   + improve redirect pattern
+--   + update documentation
+--   + add changelog

 --- TODO:
-- add arg for web path
-- add arg for maximum number of redirects
+-- more generic generator pattern

 require('http')
 require('shortport')
+require('stdnse')
+
+-- helper function
+local follow_redirects = function(host, port, path, n)
+   local pattern = "^[hH][tT][tT][pP]/1.[01] 30[12]"
+   local response = http.get(host, port, path)
+
+   while response['status-line']:match(pattern) and n > 0 do
+      n = n - 1
+      loc = response.header['location']
+      response = http.get_url(loc)
+   end
+
+   return response
+end

 portrule = shortport.http

 action = function(host, port)
   local response, loc, generator
+   local path = stdnse.get_script_args('http-generator.path') or '/'
+   local redirects = tonumber(stdnse.get_script_args('http-generator.redirects')) or 3
+
   -- Worst case: <meta name=Generator content="Microsoft Word 11">
   local pattern = '<meta name="?generator"? content="([^\"]*)" ?/?>'

@@ -36,14 +75,7 @@ action = function(host, port)
                                              string.upper(c))
             end)

-   response = http.get(host, port, '/')
-
-   -- deals with only one redirect
-   if response['status-line']:lower():match("^http/1.1 30[12]") then
-      loc = response.header['location']
-      response = http.get_url(loc)
-   end
-
+   response = follow_redirects(host, port, path, redirects)
   return response.body:match(pattern)

 end