PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-12 02:39:03 +00:00
Code Issues Projects Releases Wiki Activity
Files
a90ec1ef8abe1f8e4d7fc332f37049bae08bc566
nmap/scripts/robots.nse
kris c7eb8011d9 NSE now has a "default" category for scripts. This category holds the set 
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).

On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.

The new list is very similar to the previous "safe,intrusive" list:

Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd

Here are the 21 scripts in this new category:

anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
2008-05-28 07:16:32 +00:00

55 lines
1.2 KiB
Lua
Raw Blame History

require('shortport')
require('strbuf')
require('listop')
require('http')
id = "robots.txt"
author = "Eddie Bell <ejlbell@gmail.com>"
description = "Download a http servers robots.txt file and display all disallowed entries"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "safe"}
runlevel = 1.0
portrule = shortport.port_or_service({80,443}, {"http","https"})
local last_len = 0
-- split the output in 40 character lines
local function buildOutput(output, w)
local len = string.len(w)
for i,v in ipairs(output) do
if w == v then return nil end
end
if last_len == 0 or last_len + len <= 40 then
last_len = last_len + len
else
output = output .. '\n'
last_len = 0
end
output = output .. w
output = output .. ' '
end
action = function(host, port)
local answer = http.get( host, port, "/robots.txt" )
if answer.status ~= 200 then
return nil
end
-- parse all disallowed entries and remove comments
local output = strbuf.new()
for w in string.gmatch(answer.body, "Disallow:%s*([^\n]*)\n") do
w = w:gsub("%s*#.*", "")
buildOutput(output, w)
end
if not listop.is_empty(output) then
return strbuf.dump(output)
end
return nil
end
Reference in New Issue View Git Blame Copy Permalink