PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-13 03:09:02 +00:00
Code Issues Projects Releases Wiki Activity
Files
85ac68ce65b851a8f360f6e14f761dcbeab705bc
nmap/scripts/HTTPAuth.nse
fyodor 9cf7f14afe o Added NSE HTTP library which allows scripts to easily fetch URLs 
with http.get_url() or create more complex requests with
  http.request().  There is also an http.get() function which takes
  components (hostname, port, and path) rather than a URL.  The
  HTTPAuth, robots, and showHTMLTitle NSE scripts have been updated to
  use this library. Sven Klemm wrote all of this code.
2008-02-01 02:47:09 +00:00

66 lines
2.0 KiB
Lua
Raw Blame History

-- HTTP authentication information gathering script
-- rev 1.1 (2007-05-25)
id = "HTTP Auth"
description = "If a web server requires authentication, prints the authentication scheme and realm"
author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"
license = "See nmaps COPYING for licence"
-- uncomment the following line to enable safe category
-- categories = {"safe"}
categories = {"intrusive"}
require "shortport"
require "http"
portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"})
action = function(host, port)
local realm,scheme,result
local basic = false
local answer = http.get( host, port, "/" )
--- check for 401 response code
if answer.status == 401 then
result = "HTTP Service requires authentication\n"
-- split www-authenticate header
local auth_headers = {}
local pcre = pcre.new('\\w+( (\\w+=("[^"]+"|\\w+), *)*(\\w+=("[^"]+"|\\w+)))?',0,"C")
local match = function( match ) table.insert(auth_headers, match) end
pcre:gmatch( answer.header['www-authenticate'], match )
for _, value in pairs( auth_headers ) do
result = result .. " Auth type: "
scheme, realm = string.match(value, "(%a+).-[Rr]ealm=\"(.-)\"")
if scheme == "Basic" then
basic = true
end
if realm ~= nil then
result = result .. scheme .. ", realm = " .. realm .. "\n"
else
result = result .. string.match(value, "(%a+)") .. "\n"
end
end
end
if basic then
answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}})
if answer.status ~= 401 and answer.status ~= 403 then
result = result .. " HTTP server may accept user=\"admin\" with blank password for Basic authentication\n"
end
answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4"}})
if answer.status ~= 401 and answer.status ~= 403 then
result = result .. " HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n"
end
end
return result
end
Reference in New Issue View Git Blame Copy Permalink