PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity
Files
5db940fc7044006200a5db575e61cb4bc8ddec13
nmap/scripts/http-server-header.nse
dmiller 5db940fc70 Update http-server-header in a few ways 
1. Use "softmatched" to let Nmap print the service fingerprint for the
user to submit.

2. Run even if version detection got a good match. This allows it to be
run by-name, or to provide additional info if available. Existing match
will not be clobbered, though.

3. Use comm.lua's default timeouts. Also, no need to pass port.protocol,
since comm.tryssl will use the port table directly.

4. XML output
2014-09-20 05:40:44 +00:00

64 lines
1.6 KiB
Lua
Raw Blame History

local comm = require "comm"
local string = require "string"
local shortport = require "shortport"
local nmap = require "nmap"
local stdnse = require "stdnse"
description = [[
Uses the HTTP Server header for missing version info. This is currently
infeasible with version probes because of the need to match non-HTTP services
correctly.
]]
---
--@output
-- PORT STATE SERVICE VERSION
-- 80/tcp open http Unidentified Server 1.0
--
-- PORT STATE SERVICE VERSION
-- 80/tcp open http Unidentified Server 1.0
-- | http-server-header:
-- |_ Server: Unidentified Server 1.0
--
--@xmloutput
--<elem key="Server">Unidentified Server 1.0</elem>
author = "Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"version"}
portrule = function(host, port)
return (shortport.http(host,port) and nmap.version_intensity() >= 7)
end
action = function(host, port)
local status, result = comm.tryssl(host, port, "GET / HTTP/1.0\r\n\r\n")
if (not status) then
return nil
end
port.version = port.version or {}
if string.match(result, "^HTTP/1.[01] %d%d%d") then
port.version.service = "http"
else
return nil
end
local http_server = string.match(result, "\nServer:%s*(.-)\r?\n")
-- Avoid setting version info if -sV scan already got a match
if port.version.product == nil and port.version.name_confidence <= 3 then
port.version.product = http_server
-- Setting "softmatched" allows the service fingerprint to be printed
nmap.set_port_version(host, port, "softmatched")
end
if nmap.verbosity() > 0 and http_server then
return {Server=http_server}
else
return nil
end
end
Reference in New Issue View Git Blame Copy Permalink