david 6fbc8868a9 Rename scripts (almost all of them) to make their names more consistent and
make them look better in output. The full list of changes is
  anonFTP => ftp-anon
  ASN => asn-query
  brutePOP3 => pop3-brute
  bruteTelnet => telnet-brute
  daytimeTest => daytime
  dns-safe-recursion-port => dns-random-srcport
  dns-safe-recursion-txid => dns-random-txid
  dns-test-open-recursion => dns-recursion
  ftpbounce => ftp-bounce
  HTTPAuth => http-auth
  HTTP_open_proxy => http-open-proxy
  HTTPpasswd => http-passwd
  HTTPtrace => http-trace
  iax2Detect => iax2-version
  ircServerInfo => irc-info
  ircZombieTest => irc-zombie
  MSSQLm => ms-sql-info
  MySQLinfo => mysql-info
  popcapa => pop3-capabilities
  PPTPversion => pptp-version
  promiscuous => sniffer-detect
  RealVNC_auth_bypass => realvnc-auth-bypass
  robots => robots.txt
  showHTMLTitle => html-title
  showOwner => identd-owners
  skype_v2-version => skypev2-version
  smb-enumdomains => smb-enum-domains
  smb-enumsessions => smb-enum-sessions
  smb-enumshares => smb-enum-shares
  smb-enumusers => smb-enum-users
  smb-serverstats => smb-server-stats
  smb-systeminfo => smb-system-info
  SMTPcommands => smtp-commands
  SMTP_openrelay_test => smtp-open-relay
  SNMPcommunitybrute => snmp-brute
  SNMPsysdescr => snmp-sysdescr
  SQLInject => sql-injection
  SSH-hostkey => ssh-hostkey
  SSHv1-support => sshv1
  SSLv2-support => sslv2
  strangeSMTPport => smtp-strangeport
  UPnP-info => upnp-info
  xamppDefaultPass => xampp-default-auth
  zoneTrans => zone-transfer
-- Summary shown by `nmap --script-help`. Written as an escaped string; it is
-- byte-identical to the former long-bracket literal (a `[[` literal drops
-- its first newline).
description = "Sends an HTTP TRACE request and shows header fields that were modified in the\n"
  .. "response.\n"

---
-- @output
-- 80/tcp open http
-- | http-trace: Response differs from request. First 5 additional lines:
-- | Cookie: UID=d4287aa38d02f409841b4e0c0050c13148a85d01c0c0a154d4ef56dfc2b4fc1b0
-- | Country: us
-- | Ip_is_advertise_combined: yes
-- | Ip_conntype-Confidence: -1
-- |_ Ip_line_speed: medium
-- 08/31/2007
author = "Kris Katterjohn <katterjohn@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- The script is discovery-only: it reports what the server echoes back and
-- does not attempt anything beyond a single TRACE request.
categories = { "discovery" }
require "comm"
require "shortport"
require "stdnse"
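--- Joins the first `n` (default 5) elements of a sequence, one per line.
-- Elements beyond `n` are dropped. If the sequence is shorter than `n`, only
-- the elements present are emitted, so a short table no longer concatenates
-- `nil` and raises an error.
--@param tab The sequence of strings to truncate.
--@param n Maximum number of elements to keep (optional, default 5).
--@return The kept elements, each followed by "\n".
local truncate = function(tab, n)
  n = n or 5
  local count = math.min(n, #tab)
  local lines = {}
  for i = 1, count do
    lines[i] = tab[i] .. "\n"
  end
  -- table.concat avoids the quadratic `str = str .. piece` pattern.
  return table.concat(lines)
end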
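--- Validates the HTTP response and checks for modifications.
-- Only a 200 reply that echoes the TRACE request line is examined. Everything
-- returned from here is copied verbatim from the server's reply, i.e. it is
-- server-controlled text that is only displayed, never interpreted.
--@param response The HTTP response from the server.
--@param original The original HTTP request sent to the server.
--@return A string describing the changes (if any) between the response and
-- request, or nil when the response is not a successful echo or the reply is
-- malformed.
local validate = function(response, original)
  -- Not a 200 reply, or the request line was never echoed: nothing to report.
  if not response:match("HTTP/1.[01] 200") or
     not response:match("TRACE / HTTP/1.0") then
    return
  end

  -- Locate the end of the headers. A truncated or malformed reply with no
  -- blank line used to make `stop + 1` fail with an arithmetic-on-nil error;
  -- treat it as "nothing to report" instead.
  local _, stop = response:find("\r\n\r\n")
  if not stop then
    return
  end
  local body = response:sub(stop + 1)

  if original == body then
    return
  end

  local output = "Response differs from request. "
  if body:match("^TRACE / HTTP/1.0\r\n") then
    local extra = body:sub(19) -- skip the echoed request line (18 bytes)
    -- Drop the trailing blank line (when present) so it does not become an
    -- empty entry after splitting.
    extra = extra:gsub("\r\n\r\n$", "\r\n")
    local tab = stdnse.strsplit("\r\n", extra)
    if #tab > 5 then
      return output .. "First 5 additional lines:\n" .. truncate(tab)
    end
    return output .. "Additional lines:\n" .. extra .. "\n"
  end

  -- A 200 reply that mentions the request line but does not begin with it.
  -- This shouldn't happen; show the whole body so nothing is hidden.
  return output .. "Full response:\n" .. body .. "\n"
end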
-- Run against the usual HTTP ports, or any port the service scan labels "http".
local http_ports = {80, 8080}
portrule = shortport.port_or_service(http_ports, "http")
--- Sends a single TRACE request and reports what the server echoed back.
--@param host The target host table.
--@param port The target port table.
--@return Output from validate(), or nil when the exchange failed.
action = function(host, port)
  -- validate() compares the reply body against exactly this string, so the
  -- probe and the "original" handed to it must stay the same value.
  local probe = "TRACE / HTTP/1.0\r\n\r\n"
  local ok, reply = comm.exchange(host, port, probe, {lines=1, timeout=5000})
  if ok then
    return validate(reply, probe)
  end
  -- Connection or read failure: produce no output.
  return
end