Nmap Development mailing list archives

[PATCH] showHTMLTitle.nse


From: jah <jah () zadkiel plus com>
Date: Sat, 04 Oct 2008 21:15:23 +0100

On 03/10/2008 21:18, Fyodor wrote:
> Well, I'm not certain it would have to go in external just for this
> sort of DNS query against the normal name servers Nmap users anyway.
> This seems like a very low privacy risk compared to even our other
> DNS-related extern scripts.  I'm not taking sides on whether we should
> do the lookup, just saying that looking up the IP of the redirect host
> probably wouldn't banish the script from the default category.
OK, I've included DNS lookups.  The dns library makes this ultra easy
and it would be just as easy to remove should it be decided not to
include it.
It should handle IPv6 AAAA lookups, but as yet, I've not found an IPv6
server that redirects - let alone one which issues a different hostname
in the location header.

As David suggested, redirects are handled by http.get() rather than
doing url.parse() twice and there's now a short loop which ipairs over a
table of rules.  The rules are anonymous functions which all take the
same arguments and return true or false.  Rules processing stops
whenever false is returned and the redirect won't be followed.  It
should be much easier to tweak the rules and I've briefly commented
each.  They go something like this (in this order):
Scheme, if present, must be the same as port.service (i.e. unchanged
from the original request)
Userinfo must not be present.
Host, if present, must represent the same host.
Port, if present, must be that which was scanned.
Path must be different to "/" unless host has changed.
Query may be present.

The last four of these assign values to the loc {} table and the
redirect happens only if all of the required info for http.get() is
present in this table.

Couple of other tweaks:
If possible, the content-type header value is output whenever "Site does
not have a title" which might help to indicate why there was no title:
e.g. video/x-msvideo

Instead of trying to string.lower() all tag names in the response and
then match lower case title tags, I've modified the pattern for the
title tags to handle mixed case.

Regards,

jah

Attachment: showHTMLTitle.nse.patch.gz

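The ordered rule table jah describes above, written out as an added illustration that is not his patch and not Nmap's own code. It runs as stand-alone Lua outside Nmap: parse_url is a minimal stand-in for NSE's url.parse(), and the host and port tables, the resolve() function and its records are constructed here to mimic host.ip, host.targetname, port.number, port.service and the dns library (all assumptions, as is the decision to refuse relative paths that lack a leading slash). The rules fire in the order listed in the message; the first one to return false stops processing, and the last four fill in the loc table that http.get() would be handed.

```lua
-- Added illustration, not jah's patch: the ordered rule table from the
-- message as stand-alone Lua.  parse_url stands in for NSE's url.parse();
-- host/port/resolve are constructed stand-ins for Nmap's host.ip,
-- host.targetname, port.number, port.service and the dns library.

local function parse_url(u)
  local r, rest = {}, u
  local scheme = rest:match("^(%a[%w+.-]*):")
  if scheme then
    r.scheme = scheme:lower()
    rest = rest:sub(#scheme + 2)
  end
  if rest:sub(1, 2) == "//" then
    local authority
    authority, rest = rest:sub(3):match("^([^/?#]*)(.*)$")
    local userinfo, hostport = authority:match("^(.*)@(.*)$")
    r.userinfo = userinfo
    hostport = hostport or authority
    local h, p = hostport:match("^(.-):(%d+)$")
    r.host = (h or hostport):lower()
    r.port = p and tonumber(p)
    if r.host == "" then r.host = nil end
  end
  local path, query = rest:match("^([^?#]*)%??([^#]*)")
  r.path = path ~= "" and path or nil
  r.query = query ~= "" and query or nil
  return r
end

-- "Represents the same host": the scanned name or IP, or a name whose
-- A/AAAA records include the scanned IP (resolve() stands in for dns.query)
local function same_host(name, host, resolve)
  if name == host.ip or name == (host.targetname or ""):lower() then return true end
  for _, ip in ipairs(resolve(name) or {}) do
    if ip == host.ip then return true end
  end
  return false
end

-- Rules run in this order; the first one returning false stops processing
-- and the redirect is not followed.  The last four fill in loc.
local rules = {
  -- Scheme, if present, must be unchanged from the original request
  function(u, host, port, loc) return u.scheme == nil or u.scheme == port.service end,
  -- Userinfo must not be present
  function(u) return u.userinfo == nil end,
  -- Host, if present, must represent the same host
  function(u, host, port, loc, resolve)
    if u.host and not same_host(u.host, host, resolve) then return false end
    loc.host = u.host or host.targetname or host.ip
    return true
  end,
  -- Port, if present, must be the one that was scanned
  function(u, host, port, loc)
    if u.port and u.port ~= port.number then return false end
    loc.port = port.number
    return true
  end,
  -- Path must differ from "/" unless the host name changed (a virtual host
  -- on the same IP); relative paths are not resolved here (assumption)
  function(u, host, port, loc)
    local path = u.path or "/"
    if path:sub(1, 1) ~= "/" then return false end
    local original = (host.targetname or host.ip):lower()
    if path == "/" and loc.host == original then return false end
    loc.path = path
    return true
  end,
  -- Query may be present
  function(u, host, port, loc) loc.query = u.query; return true end,
}

-- Returns the table http.get() would need, or nil if the redirect is refused
local function redirect_target(location, host, port, resolve)
  local u, loc = parse_url(location), {}
  for _, rule in ipairs(rules) do
    if not rule(u, host, port, loc, resolve) then return nil end
  end
  if loc.host and loc.port and loc.path then return loc end
  return nil
end

-- Constructed inputs standing in for Nmap's host/port objects and DNS
local host = { ip = "192.0.2.10", targetname = "example.com" }
local port = { number = 80, service = "http" }
local records = { ["www.example.com"] = { "192.0.2.10" },
                  ["other.example.net"] = { "198.51.100.7" } }
local function resolve(name) return records[name] end

for _, location in ipairs({
  "/index.html",                          -- followed
  "/",                                    -- refused: same page again
  "http://www.example.com/",              -- followed: vhost on the scanned IP
  "http://other.example.net/",            -- refused: different host
  "https://example.com/index.html",       -- refused: scheme changed
  "http://user@example.com/index.html",   -- refused: userinfo
  "http://example.com:8080/index.html",   -- refused: different port
}) do
  local t = redirect_target(location, host, port, resolve)
  print(location, t and ("follow " .. t.host .. ":" .. t.port .. t.path
                         .. (t.query and "?" .. t.query or "")) or "do not follow")
end
```

The "/" rule is what stops the script from re-fetching the page it just got: a bare "/" is only accepted when the Location header names a different host name that still resolves to the scanned address, since a different Host header on the same IP can legitimately serve a different site. Inside Nmap the resolve() stand-in would be replaced by the dns library, which is the lookup Fyodor's quoted reply discusses.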

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
