Nmap Development mailing list archives

[NSE] New script http-grep

From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 11 Dec 2011 20:52:07 +0100

Hi list,

I just committed a new script called http-grep. It does pretty much what
the name suggests and enables you to search for patterns within spidered
web pages.
I've included a few example usages and their responses, but the script can
obviously be used for a lot more:

Search for all titles in the seclists.org nmap-dev rss feed:
./nmap -p 80 seclists.org --script http-grep
--script-args='http-grep.match="<title>(.-)</title>",http-grep.url="/rss/nmap-dev.rss",http-grep.breakonmatch'

PORT   STATE SERVICE
80/tcp open  http
| http-grep:
|   (16) http://seclists.org:80/rss/nmap-dev.rss
|     + Nmap Development
|     + Re: nmap snmp scanning
|     + Re: Script force
|     + Re: nmap snmp scanning
|     + Nmap on Amazon Kindle
|     + Re: vulnerability scanning with nmap_nse_vulnscan
|     + New VA Modules: NSE: 1, Nessus: 17
|     + Re: vulnerability scanning with nmap_nse_vulnscan
|     + [NSE] New script http-backup-finder
|     + Re: Crash on Lion 10.7.2
|     + Crash on Lion 10.7.2
|     + New VA Modules: NSE: 1, OpenVAS: 28, Nessus: 2
|     + Re: &apos;utf8&apos; codec can&apos;t decode byte
|     + Re: Script suggestions
|     + Re: vulnerability scanning with nmap_nse_vulnscan
|_    + Re: Apache mod_negotiation


Search for the dns records associated with 74.207.254.18 on Robtex:
./nmap -p 80 www.robtex.com --script http-grep
--script-args='http-grep.match="<span
id=\"dns%d*\">.->(.-)</a>",http-grep.url="/ip/74.207.254.18.html",http-grep.breakonmatch'

80/tcp open  http
| http-grep:
|   (18) http://www.robtex.com:80/ip/74.207.254.18.html
|     + *.insecure.org
|     + *.nmap.com
|     + *.nmap.org
|     + *.seclists.org
|     + insecure.com
|     + insecure.org
|     + lists.insecure.org
|     + nmap.com
|     + nmap.net
|     + nmap.org
|     + seclists.org
|     + sectools.org
|     + web.insecure.org
|     + www.insecure.org
|     + www.nmap.com
|     + www.nmap.org
|     + www.seclists.org
|_    + images.insecure.org

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] New script http-grep Patrik Karlsson (Dec 11)
- [NSE] New script http-unsafe-output-encoding Martin Holst Swende (Dec 11)
  - Re: [NSE] New script http-unsafe-output-encoding Patrik Karlsson (Dec 14)
    - Re: [NSE] New script http-unsafe-output-encoding Martin Holst Swende (Dec 14)
    - Re: [NSE] New script http-unsafe-output-encoding Patrik Karlsson (Dec 15)