Nmap Development mailing list archives
[NSE] Patch for html-title.nse and http.lua to query http-alt and https-alt ports
From: jah <jah () zadkiel plus com>
Date: Tue, 11 Nov 2008 03:06:14 +0000
Hi folks, The attached html-title.nse.patch adds http-alt and https-alt as port.service values for html-title.nse. It also allows a redirect to be followed with a change in url scheme if url.port is present in the location header and that port is the same scanned port. A common application found running atop various httpds on tcp port 8443 is Parallels Plesk Control Panel and with this change, html-title can often grab the title of the login page regardless of whether version detection has been performed. In order to be able to talk ssl to an https-alt port, http.lua would be modified accordingly with the attached http.lua.patch https-alt and http-alt are at --top-ports positions 116 and 117 respectively and I believe this could be a worthwhile addition. Regards, jah
--- http.lua.orig 2008-11-11 01:20:03.750000000 +0000 +++ http.lua 2008-11-11 01:51:42.015625000 +0000 @@ -105,8 +105,9 @@ -- host table passed to a portrule or hostrule. The second argument is either -- the port number or a table like the port table passed to a portrule or -- hostrule. SSL is used for the request if <code>port.service</code> is --- <code>"https"</code> or <code>port.version.service_tunnel</code> is --- <code>"ssl"</code>. The third argument is the request. The fourth argument is +-- <code>"https"</code> or <code>"https-alt"</code> or +-- <code>port.version.service_tunnel</code> is <code>"ssl"</code>. +-- The third argument is the request. The fourth argument is -- a table for further options. -- @param host The host to query. -- @param port The port on the host. @@ -127,7 +128,7 @@ stdnse.print_debug(1, "http.request() supports the TCP protocol only, your request to %s cannot be completed.", host) return nil end - if port.service == 'https' or ( port.version and port.version.service_tunnel == 'ssl' ) then + if port.service == 'https' or port.service == 'https-alt' or ( port.version and port.version.service_tunnel == 'ssl' ) then protocol = 'ssl' end port = port.number
--- html-title.nse.orig 2008-11-11 01:34:53.109375000 +0000 +++ html-title.nse 2008-11-11 01:42:41.156250000 +0000 @@ -27,15 +27,18 @@ local stdnse = require 'stdnse' portrule = function(host, port) - if port.protocol ~= 'tcp' or not (port.service == 'http' or port.service == 'https') then - return false - end - -- Don't bother running on SSL ports if we don't have SSL. - if (port.service == 'https' or port.version.service_tunnel == 'ssl') - and not nmap.have_ssl() then - return false - end - return true + local svc = { std = { ["http"] = 1, ["http-alt"] = 1 }, + ssl = { ["https"] = 1, ["https-alt"] = 1 } } + if port.protocol ~= 'tcp' + or not ( svc.std[port.service] or svc.ssl[port.service] ) then + return false + end + -- Don't bother running on SSL ports if we don't have SSL. + if (svc.ssl[port.service] or port.version.service_tunnel == 'ssl') + and not nmap.have_ssl() then + return false + end + return true end action = function(host, port) @@ -51,7 +54,7 @@ local loc = redirect_ok( url, host, port ) if loc then -- follow redirect - redir = ("Requested resource was %s://%s%s"):format( url.scheme or port.service, loc.host, loc.path ) + redir = ("Requested resource was %s://%s%s%s"):format( url.scheme or port.service, loc.host, (url.port and (":%s"):format(url.port)) or "", loc.path ) data = http.get( loc.host, loc.port, loc.path ) else loc = nil -- killed so we know we didn't follow a redirect @@ -92,12 +95,6 @@ -- redirected to. They incrementally fill in loc.host, loc.port, and loc.path. local rules = { function (loc, url, host, port) - -- if url.scheme is present then it must match the scanned port - if url.scheme and url.scheme ~= port.service then return false end - return true - end, - - function (loc, url, host, port) -- bail if userinfo is present return ( url.userinfo and false ) or true end, @@ -131,6 +128,13 @@ end, function (loc, url, host, port) + -- if url.scheme is present then it must match the scanned port + if url.scheme and url.port then return true end + if url.scheme and url.scheme ~= port.service then return false end + return true + end, + + function (loc, url, host, port) -- path cannot be unchanged unless host has changed -- loc.path must be set if returning true if ( not url.path or url.path == "/" ) and url.host == ( host.targetname or host.ip) then return false end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] Patch for html-title.nse and http.lua to query http-alt and https-alt ports jah (Nov 10)