Add http-affiliate-id.nse, originally from Hani Benhabiles, then patched

by Daniel Miller.
2026-01-17 03:49:02 +00:00 · 2011-03-31 20:32:50 +00:00
parent 674b8ffecb
commit f522332a89
3 changed files with 70 additions and 0 deletions
--- a/scripts/http-affiliate-id.nse
+++ b/scripts/http-affiliate-id.nse
@@ -0,0 +1,64 @@
+description = [[
+
+This script grabs Google Analytics and Adsense IDs.
+They could be used to further look for related websites (that have
+the same owner.)
+
+]]
+
+---
+-- @args http-affiliate-id.url-path The path to request. Defaults to
+-- <code>/</code>.
+--
+-- @usage
+-- nmap --script=http-affiliate-id.nse --script-args http-affiliate-id.url-path=/website <target>
+--
+-- @output
+-- PORT   STATE SERVICE
+-- 80/tcp open  http
+-- | http-affiliate-id: 
+-- |  Google Analytics ID: UA-XXXXXXXX-XX
+-- |_ Google Adsense ID: pub-YYYYYYYYYYYYYYYY
+
+author = "Hani Benhabiles, Daniel Miller"
+
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+
+categories = {"safe", "discovery"}
+
+require 'shortport'
+require 'http'
+require 'pcre'
+require 'stdnse'
+
+portrule = shortport.port_or_service( {80,443}, {"http","https"} )
+
+action = function(host, port)
+	local url_path, body,  analyticsid, adsenseid, result
+	result = ""
+	url_path = stdnse.get_script_args("http-affiliate-id.url-path") or "/"
+	body = http.get( host, port, url_path).body
+
+	-- these are the regular expressions for affiliate IDs
+	local affiliates = {
+	["Google Analytics ID"] = "(?P<id>UA-[0-9]{6,9}-[0-9]{1,2})",
+	["Google Adsense ID"] = "(?P<id>pub-[0-9]{16,16})",
+	["Amazon Associates ID"] = "href=\"http://www.amazon.com/[^\"]*[&;]tag=(?P<id>\\w+-\\d+)",
+	}
+
+
+	-- Here goes affiliate matching
+	for name,re in pairs(affiliates) do
+		local regex, limit, limit2, matches, affiliateid
+		regex = pcre.new(re, 0, "C")
+		limit, limit2, matches = regex:match(body)
+		if limit ~= nil then
+			affiliateid = matches["id"]
+			result = result .. "\n " .. name .. ": " .. affiliateid
+		end
+	end
+
+	if result ~= "" then
+	  return result
+	end
+end
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -50,6 +50,7 @@ Entry { filename = "giop-info.nse", categories = { "discovery", "safe", } }
 Entry { filename = "gopher-ls.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "hddtemp-info.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "hostmap.nse", categories = { "discovery", "external", "intrusive", } }
+Entry { filename = "http-affiliate-id.nse", categories = { "discovery", "safe", } }
 Entry { filename = "http-auth.nse", categories = { "auth", "default", "intrusive", } }
 Entry { filename = "http-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "http-date.nse", categories = { "discovery", "safe", } }