Nmap Development mailing list archives

Re: [NSE] Script for HTML generator meta tag


From: Duarte Silva <duarte.silva () serializing me>
Date: Tue, 10 Jan 2012 15:46:02 +0000

On Tuesday 10 January 2012 09:33:22 Daniel Miller wrote:
On 01/10/2012 07:03 AM, Michael Kohl wrote:
Hi,

as an exercise for getting started with NSE, I wrote a little script
to extract the contents of the generator meta tag if there is one:

PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http

|_generator: TYPO3 4.2 CMS

111/tcp open  rpcbind
199/tcp open  smux
443/tcp open  https

|_generator: TYPO3 4.2 CMS

The script can be found here, maybe it's useful enough for others to
include in the distribution:

https://gist.github.com/903f268b5ebfe932f4dc

BTW: sorry if this is the wrong place for submitting it, I didn't
really find another place that seemed sensible.

Hi Michael,

you are in the right place =) I have some pointers:

- in the script documentation, it's missing the example part;

- the generator regexp will only match lowercase letters. If it's something 
like "<META name=(...)", your match will fail;

- what if there is more than one generator tag? Very unlikely, but would we 
want that to be in the output as well?

- take a look at stdnse.format_output (if you decide to check for more than 
one generator tag, you should return a table);

- I'm not sure about the way you deal with the redirects. In a malicious/badly 
designed site, the redirect can make the script loop indefinitely by returning 
the address of the page containing the redirect itself. Also there is no depth 
control.

Did you try anything with arguments? It does seem like a good next step (if 
you already know the logic behind the "action", "portrule" and so on). For 
instance, on your script you could add an argument for the web path. Not all 
web applications are in the '/' directory.


Michael
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Michael,

This looks like a great script, and one that I would use frequently. As
far as the code goes, I could see tightening up the regex in line 40 to
use [^"]* instead of .*, since if you had more than one tag with
attributes on the same line, it would greedily take more than you
wanted. I look forward to seeing this one in the main distribution!

In a way, I feel this overlaps a bit with http-enum, but it's good for things 
that are unknown to nmap. I also see myself using it.

Dan

Regards,
Duarte Silva
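
The review points in this message (case-insensitive matching, stopping at the tag boundary instead of matching greedily, more than one generator tag, and bounded redirect handling) as an added example in plain Lua. It is not Michael's script from the gist and does not use the NSE libraries; `PAGES`, `fetch`, `MAX_REDIRECTS` and the sample pages are constructed stand-ins for real HTTP requests.

```lua
-- Constructed sample site: one redirect, one page with two generator tags,
-- and one page that redirects to itself.
local PAGES = {
  ["/"]     = { status = 302, location = "/home" },
  ["/home"] = { status = 200, body = [[<html><head>
<META NAME="Generator" CONTENT="TYPO3 4.2 CMS"><meta name="author" content="x">
<meta content='ExampleCMS 1.0' name='generator'>
</head></html>]] },
  ["/loop"] = { status = 301, location = "/loop" },
}
local MAX_REDIRECTS = 5  -- assumed depth limit

-- Hypothetical stand-in for an HTTP GET.
local function fetch(path) return PAGES[path] or { status = 404 } end

-- Value of attribute `name` inside one tag, matched case-insensitively.
local function attr(tag, name)
  -- Lua patterns have no ignore-case flag: "name" -> "[nN][aA][mM][eE]"
  local ci = name:gsub("%a", function(c) return "[" .. c:lower() .. c:upper() .. "]" end)
  for _, q in ipairs({ '"', "'" }) do
    -- [^q]* stops at the closing quote, so it cannot run into the next attribute
    local v = tag:match("%s" .. ci .. "%s*=%s*" .. q .. "([^" .. q .. "]*)" .. q)
    if v then return v end
  end
end

-- All generator values in a page; [^>]* keeps each match inside a single tag.
local function generators(body)
  local found = {}
  for tag in body:gmatch("<[mM][eE][tT][aA]%s[^>]*>") do
    local name = attr(tag, "name")
    if name and name:lower() == "generator" then
      found[#found + 1] = attr(tag, "content")
    end
  end
  return found
end

-- Follow redirects with a visited set (loop detection) and a depth cap.
local function scan(path)
  local seen = {}
  for _ = 0, MAX_REDIRECTS do
    if seen[path] then return nil, "redirect loop at " .. path end
    seen[path] = true
    local r = fetch(path)
    if r.status == 200 then return generators(r.body) end
    if not r.location then return nil, "HTTP " .. r.status end
    path = r.location
  end
  return nil, "too many redirects"
end

print(table.concat(scan("/"), "; "))
print(scan("/loop"))
```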

