Nmap Development mailing list archives

Little bug with output from script


From: "A. Ramos" <aramosf () unsec net>
Date: Mon, 18 Aug 2008 19:26:20 +0200

Hello all,
I found a little bug with stdout from scripts when running in a directory
with another nmap-services file.

Example: (X.X.X.X) is the same IP in both examples :-)

[root@www bhdc08]#  nmap -p80,8080,3128 --script=/home/aramosf/tools/nmap/scripts/HTTP_open_proxy.nse X.X.X.X

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-18 19:16 CEST
Warning: File ./nmap-services exists, but Nmap is using
/usr/share/nmap/nmap-services for security and consistency reasons.  set
NMAPDIR=. to give priority to files in your local directory (may affect the
other data files too).
Interesting ports on X.X.X.X:
PORT     STATE  SERVICE
80/tcp   closed http
3128/tcp closed squid-http
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.875 seconds
[root@www bhdc08]#  nmap -p80,8080,3128 --script=/home/aramosf/tools/nmap/scripts/HTTP_open_proxy.nse X.X.X.X 2>a

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-18 19:16 CEST
Interesting ports on X.X.X.X:
PORT     STATE  SERVICE
80/tcp   open   http
|_ Open Proxy Test: Potentially OPEN proxy. Check for Google's "Server: gws" header FOUND.
3128/tcp closed squid-http
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 1.823 seconds


BTW, HTTP_open_proxy checks for the GWS string, but now Google has 'gws', and
it only checks the http-proxy and squid-proxy service ports. I made a little
patch to fix it:

< description="Test if a discovered proxy is open to us by connecting to
www.google.com and checking for the 'Server: gws' header response."
---
description="Test if a discovered proxy is open to us by connecting to
www.google.com and checking for the 'Server: GWS/' header response."
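Review bot: the patch is the wrong way round and has lost its markers: the `<` side carries the new text ('Server: gws', and further down the added "http" service and `lines=1`), the second-file lines have no `>` prefix, and this first hunk has no `NcN` header at all, so `patch` would either refuse it or apply it backwards. Please regenerate it as `diff -u original modified` against the shipped HTTP_open_proxy.nse so it applies cleanly and the hunk headers survive the mailer.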
33c33
<       if      (port.number == 3128 or port.number == 8080 or port.service
== "http-proxy" or port.service == "squid-proxy" or port.service ==
"squid-proxy?" or port.service == "http")
---
      if      (port.number == 3128 or port.number == 8080 or port.service
== "http-proxy" or port.service == "squid-proxy" or port.service ==
"squid-proxy?")
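Review bot: adding `port.service == "http"` to the portrule runs the check against every plain web server, and the verdict further down rests on the Server header alone, so a host that itself answers with Google's `Server: gws` (or a site fronted by it) will be reported as an open proxy although nothing was relayed. If the wider scope is wanted, consider confirming that the body is google.com content rather than the target's own page, or at least document the false positive in the description.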
45c45
< -- We will return this if we don't find "^Server: gws" in response headers
---
-- We will return this if we don't find "^Server: GWS" in response headers
50c50
<       local status, result = comm.exchange(host, port, req,
{lines=1,proto=port.protocol, timeout=10000})
---
      local status, result = comm.exchange(host, port, req,
{proto=port.protocol, timeout=10000})
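Review bot: `lines=1` only asks comm.exchange to return once a single line has arrived (as I read comm.lua it switches the read from receive() to receive_lines(1)), so on a slow proxy `result` can hold just the status line and the header loop below never sees `Server:`. Reading until the blank line that ends the header block, or at least a larger `lines` value, is safer; if the intent was merely to wait for some data rather than whatever receive() returns first, say so in a comment.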
65,66c65,66
<               if string.match(response[i],"^Server: gws") then
<                       retval = "Potentially OPEN proxy. Check for
Google\'s \"Server: gws\" header FOUND."
---
              if string.match(response[i],"^Server: GWS/") then
                      retval = "Potentially OPEN proxy. Check for
Google\'s \"Server: GWS/\" header FOUND."




-- 
Alejandro Ramos -- aka dab
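As an added illustration of the header check the script performs (this is not code from the message above or from the Nmap script, and every response in it is a constructed sample, not a capture): a stand-alone model that builds the proxy-style request the script sends, parses a reply, and accepts both the old `GWS/` and the current `gws` server token case-insensitively. It also shows what a read that stops after one line hands back, which is the failure the `lines=1` option risks. The function and constant names are this example's own.

```python
"""Stand-alone model of the HTTP_open_proxy.nse check.

Added example, not the Nmap script: it builds the proxy-style request the
script sends, parses a response, and decides from the Server header whether
the target relayed the request to www.google.com.  All responses below are
constructed samples, not captures.
"""
import re
from typing import Dict, Optional, Tuple

# Proxy-style request: absolute URI in the request line, as the script sends it.
PROXY_REQUEST = b"GET http://www.google.com HTTP/1.0\r\nHost: www.google.com\r\n\r\n"

# Accept both the old "GWS/2.1" and the current "gws" server tokens, any case.
_GWS = re.compile(r"^gws\b", re.IGNORECASE)


def parse_headers(raw: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Return (status line, lower-cased header map) or None if the header
    block is incomplete, i.e. the terminating blank line has not arrived."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(raw: bytes) -> str:
    """Mirror the script's two verdicts, plus one for a short read."""
    parsed = parse_headers(raw)
    if parsed is None:
        return "incomplete headers"
    status, headers = parsed
    if not status.startswith("HTTP/"):
        return "not an HTTP response"
    server = headers.get("server", "")
    if _GWS.match(server):
        return "Potentially OPEN proxy (Server: %s)" % server
    return "Proxy might be redirecting requests"


def first_line_only(raw: bytes) -> bytes:
    """What a reader that returns after a single line (lines=1) may hand back."""
    return raw.split(b"\r\n", 1)[0] + b"\r\n"


# Constructed samples: current Google front end, the 2008-era token, a non-proxy.
SAMPLE_GWS = (b"HTTP/1.0 200 OK\r\nServer: gws\r\nContent-Type: text/html\r\n"
              b"\r\n<html>...</html>")
SAMPLE_OLD_GWS = b"HTTP/1.1 200 OK\r\nserver: GWS/2.1\r\n\r\n"
SAMPLE_APACHE = b"HTTP/1.0 403 Forbidden\r\nServer: Apache\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("gws", SAMPLE_GWS), ("old GWS", SAMPLE_OLD_GWS),
                      ("apache", SAMPLE_APACHE),
                      ("short read", first_line_only(SAMPLE_GWS))):
        print("%-10s %s" % (name, classify(raw)))
```

The short-read case is the one to keep in mind when tuning the socket options: if the reader returns before the blank line, the Server header is simply absent from what gets parsed, and the script reports the proxy as "redirecting" rather than open.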

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
