PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 20:51:30 +00:00
Code Issues Projects Releases Wiki Activity
Files
42a3d83c702d8433eae7b687cbef69f033dfd84c
nmap/scripts/HTTP_open_proxy.nse
kris a285f82299 o The NSE Comm library now defaults to trying to read as many bytes as are 
available rather than lines if neither the "bytes" nor "lines" options are
  given.  Thanks to Brandon for reporting a problem which he noticed in the
  dns-test-open-recursion script. [Kris]
2008-07-28 01:47:26 +00:00

73 lines
2.2 KiB
Lua
Raw Blame History

-- Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> / www.buanzo.com.ar / linux-consulting.buanzo.com.ar
-- See Nmap'ss COPYING file for licence details
-- This is version 20070413 aka "13th Friday" :)
-- Changelog: Added explode() function. Header-only matching now works.
-- * Fixed set_timeout
-- * Fixed some \r\n's
id="Open Proxy Test"
description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: GWS/' header response."
categories = {"default", "discovery", "intrusive"}
require "comm"
-- I found a nice explode() function in lua-users' wiki. I had to fix it, though.
-- http://lua-users.org/wiki/LuaRecipes
function explode(d,p)
local t,ll,l
t={}
ll=0
while true do
l=string.find(p,d,ll+1,true) -- find the next d in the string
if l~=nil then -- if "not not" found then..
table.insert(t, string.sub(p,ll,l-1)) -- Save it in our array.
ll=l+1 -- save just after where we found it for searching next time.
else
table.insert(t, string.sub(p,ll)) -- Save what's left in our array.
break -- Break at end, as it should be, according to the lua manual.
end
end
return t
end
portrule = function(host, port)
if (port.number == 3128 or port.number == 8080 or port.service == "http-proxy" or port.service == "squid-proxy" or port.service == "squid-proxy?")
and port.protocol == "tcp"
then
return true
else
return false
end
end
action = function(host, port)
local response
local i
-- We will return this if we don't find "^Server: GWS" in response headers
local retval
-- Ask proxy to open www.google.com
local req = "GET http://www.google.com HTTP/1.0\r\nHost: www.google.com\r\n\r\n"
local status, result = comm.exchange(host, port, req, {lines=1,proto=port.protocol, timeout=10000})
if not status then
return
end
-- Explode result into the response table
response = explode("\n",result)
-- Now, search for Server: GWS until headers (or table) end.
i = 0
while true do
i = i+1
if i > table.getn(response) then break end
if response[i]=="\r" then break end
if string.match(response[i],"^Server: GWS/") then
retval = "Potentially OPEN proxy. Check for Google\'s \"Server: GWS/\" header FOUND."
break
end
end
return retval
end
Reference in New Issue View Git Blame Copy Permalink