Nmap Development mailing list archives
Little bug with output from script
From: "A. Ramos" <aramosf () unsec net>
Date: Mon, 18 Aug 2008 19:26:20 +0200
Hello all,

I found a little bug with stdout from scripts when running in a directory with another nmap-services file. Example: (X.X.X.X) is the same IP in both examples :-)

[root@www bhdc08]# nmap -p80,8080,3128 --script=/home/aramosf/tools/nmap/scripts/HTTP_open_proxy.nse X.X.X.X

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-18 19:16 CEST
Warning: File ./nmap-services exists, but Nmap is using /usr/share/nmap/nmap-services for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).
Interesting ports on X.X.X.X:
PORT     STATE  SERVICE
80/tcp   closed http
3128/tcp closed squid-http
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.875 seconds

[root@www bhdc08]# nmap -p80,8080,3128 --script=/home/aramosf/tools/nmap/scripts/HTTP_open_proxy.nse X.X.X.X 2>a

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-18 19:16 CEST
Interesting ports on X.X.X.X:
PORT     STATE  SERVICE
80/tcp   open   http
|_ Open Proxy Test: Potentially OPEN proxy. Check for Google's "Server: gws" header FOUND.
3128/tcp closed squid-http
8080/tcp closed http-proxy

Nmap done: 1 IP address (1 host up) scanned in 1.823 seconds

BTW, HTTP_open_proxy checks for the GWS string, but now Google has 'gws', and it only checks the http-proxy and squid-proxy service ports. I did a little patch to fix it:

< description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: gws' header response."
---
description="Test if a discovered proxy is open to us by connecting to
www.google.com and checking for the 'Server: GWS/' header response."
33c33
< if (port.number == 3128 or port.number == 8080 or port.service == "http-proxy" or port.service == "squid-proxy" or port.service == "squid-proxy?" or port.service == "http")
---
if (port.number == 3128 or port.number == 8080 or port.service
== "http-proxy" or port.service == "squid-proxy" or port.service == "squid-proxy?")
45c45
< -- We will return this if we don't find "^Server: gws" in response headers
---
-- We will return this if we don't find "^Server: GWS" in response headers
50c50
< local status, result = comm.exchange(host, port, req, {lines=1,proto=port.protocol, timeout=10000})
---
local status, result = comm.exchange(host, port, req,
{proto=port.protocol, timeout=10000})
65,66c65,66
< if string.match(response[i],"^Server: gws") then
< retval = "Potentially OPEN proxy. Check for Google\'s \"Server: gws\" header FOUND."
---
if string.match(response[i],"^Server: GWS/") then retval = "Potentially OPEN proxy. Check for
Google\'s \"Server: GWS/\" header FOUND."

-- Alejandro Ramos -- aka dab

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
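Review bot: the 33c33 hunk widens the port rule with `or port.service == "http"`, so the script will now send a request for www.google.com through every plain web server it runs against, not only ports identified as proxies; if that broadening is intended, the description string changed in the first hunk should say so, and if it is not, keep the proxy service names and add only the specific ports you need so the script does not generate an extra outbound request per HTTP server scanned.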
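Review bot: in the 50c50 hunk, adding `lines=1` to the comm.exchange options asks for the response to be returned as soon as at least one line has been received; the status line arrives first, so the `Server:` header that the loop in the 65,66c65,66 hunk searches for may not be in `result` yet and an open proxy could be reported as not open. Either keep the previous read behaviour or read through to the blank line that terminates the header block before searching it.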
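Review bot: the 65,66c65,66 hunk replaces the case-sensitive pattern `^Server: GWS/` with `^Server: gws`, which matches current responses but stops matching any server still sending the old capitalisation; a case-insensitive comparison such as `string.match(string.lower(response[i]), "^server: gws")` covers both forms and also tolerates a lower-cased header name, and the description and the comment in the 45c45 hunk could then say "gws (any case)" rather than naming one spelling.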
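The header test that the patch above adjusts, re-expressed in Python as an added example: this is not code from the HTTP_open_proxy.nse script or from Nmap's comm library, and the sample responses are constructed, not captured from any host. It contrasts the exact, case-sensitive line match the old script relied on with a check that parses the header block, finds the Server header regardless of name case and compares the value prefix case-insensitively. The "status_only" sample stands in for the situation where only the first line of the response has been read, so the header check has nothing to find.

```python
"""Robust check for a 'Server: gws' header in a raw HTTP response.

Added example: not code from nmap's HTTP_open_proxy.nse. It re-expresses the
header test in Python so the difference between an exact, case-sensitive
match and a tolerant one can be run over sample data.
"""
from typing import Dict, Optional

# Constructed sample responses (not captured from any real server).
SAMPLE_RESPONSES = {
    "old_style": "HTTP/1.1 200 OK\r\nServer: GWS/2.1\r\nContent-Type: text/html\r\n\r\n",
    "new_style": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: gws\r\n\r\n",
    "lower_name": "HTTP/1.0 200 OK\r\nserver: gws\r\n\r\n",
    "not_google": "HTTP/1.1 200 OK\r\nServer: Apache/2.2\r\n\r\n",
    # What a read that stops after one line would hand back: no headers at all.
    "status_only": "HTTP/1.1 200 OK\r\n",
}


def parse_headers(raw: str) -> Dict[str, str]:
    """Return the response headers with names lower-cased.

    The status line is skipped and parsing stops at the first empty line,
    which terminates the header block. Duplicate names keep the last value,
    which is enough for a Server check.
    """
    headers: Dict[str, str] = {}
    lines = raw.split("\r\n")
    for line in lines[1:]:          # lines[0] is the status line
        if line == "":
            break                   # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue                # tolerate a malformed line rather than fail
        headers[name.strip().lower()] = value.strip()
    return headers


def server_header(raw: str) -> Optional[str]:
    """The Server header value, or None when the response has none."""
    return parse_headers(raw).get("server")


def strict_gws_match(raw: str) -> bool:
    """The brittle test: a line beginning exactly with 'Server: GWS/'.

    This mirrors a case-sensitive line match and misses 'Server: gws'.
    """
    return any(line.startswith("Server: GWS/") for line in raw.split("\r\n"))


def tolerant_gws_match(raw: str) -> bool:
    """Case-insensitive header name, case-insensitive 'gws' value prefix."""
    value = server_header(raw)
    return value is not None and value.lower().startswith("gws")


def run_samples() -> Dict[str, tuple]:
    """Evaluate both checks over every sample; returns {label: (strict, tolerant)}."""
    return {label: (strict_gws_match(raw), tolerant_gws_match(raw))
            for label, raw in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for label, (strict, tolerant) in run_samples().items():
        print(f"{label:12s} strict={strict!s:5s} tolerant={tolerant}")
```

Running it shows the strict check accepting only the "old_style" response while the tolerant check accepts "old_style", "new_style" and "lower_name"; both reject "not_google", and both return False for "status_only" because there is no header block to search, which is the outcome to expect whenever the read returns before the headers have arrived.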
Current thread:
- Little bug with output from script A. Ramos (Aug 18)
- Re: Little bug with output from script Arturo 'Buanzo' Busleiman (Aug 18)
- Re: Little bug with output from script David Fifield (Aug 18)
- Re: Little bug with output from script A. Ramos (Aug 18)