PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
b6a56e9fa0be4d66166a8feb7d49d4fa31242693
nmap/scripts/http-auth.nse
patrik b6a56e9fa0 o [NSE] Modified http-auth to support multiple authentication mechanism and to 
allow for a path to be specified as an argument. [Patrik]
2011-12-18 19:25:24 +00:00

99 lines
2.5 KiB
Lua
Raw Blame History

description = [[
Retrieves the authentication scheme and realm of a web service that requires
authentication.
]]
---
-- @usage
-- nmap --script http-auth [--script-args='http-auth.path=/login/']
--
-- @output
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-auth:
-- | Negotiate
-- | NTLM
-- | Digest
-- | charset=utf-8
-- | nonce=+Upgraded+v1e4e256b4afb7f89bf...0eb280e9c4b015cbe43bb7ab
-- | qop=auth
-- | algorithm=MD5-sess
-- | realm=example.com
-- | Basic
-- |_ realm=example.com
--
-- @args http-auth.path The url to query (default: /)
-- HTTP authentication information gathering script
-- rev 1.1 (2007-05-25)
-- 2008-11-06 Vlatko Kosturjak <kost@linux.hr>
-- * bug fixes against base64 encoded strings, more flexible auth/pass check,
-- corrected sample output
-- 2011-12-18 Patrik Karlsson <patrik@cqure.net>
-- * added path argument and changed so that the script processes all
-- www-authenticate arguments
author = "Thomas Buchanan"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "auth", "safe"}
require "shortport"
require "http"
portrule = shortport.http
local PATH = stdnse.get_script_args("http-auth.path")
local function getChallenges(www_authenticate)
local challenges = http.parse_www_authenticate(www_authenticate)
local result = {}
if not challenges then
table.insert( result, ("WWW-Authenticate: %s"):format(www_authenticate) )
return result
end
for _, challenge in ipairs(challenges) do
result.name = challenge.scheme
for name, value in pairs(challenge.params) do
table.insert(result, string.format("%s=%s", name, value))
end
end
return ( #result == 0 and result.name or result )
end
action = function(host, port)
local www_authenticate
local challenges
local request_opts = {
bypass_cache = true
}
local answer = http.get(host, port, PATH or "/", request_opts)
--- check for 401 response code
if answer.status ~= 401 then
return
end
local result = {}
www_authenticate = answer.header["www-authenticate"]
if not www_authenticate then
table.insert(result, ("Server returned status %d but no WWW-Authenticate header."):format(answer.status))
return stdnse.format_output(true, result)
end
for _, header in ipairs(answer.rawheader) do
local n, v = header:match("^(.-): (.*)$")
if ( n and n:lower() == "www-authenticate" ) then
local r = getChallenges(v)
table.insert(result, r)
end
end
return stdnse.format_output(true, result)
end
Reference in New Issue View Git Blame Copy Permalink