Nmap Development mailing list archives
[NSE] http-traceroute
From: Hani Benhabiles <kroosec () gmail com>
Date: Fri, 18 May 2012 00:25:03 +0100
Hi list, description = [[Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies.
The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and Content-Length HTTP headers and body values such as the html title.
For more information, see:* http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html
]] ----- @args http-traceroute.path The path to send requests to. Defaults to <code>/</code>. -- @args http-traceroute.method HTTP request method to use. Defaults to <code>GET</code>.
-- among other values, TRACE is probably the most interesting. -- -- @usage-- nmap --script=http-traceroute --script-arg http-traceroute.path="/path/" <targets>
-- --@output -- PORT STATE SERVICE REASON -- 80/tcp open http syn-ack -- | http-traceroute: -- | HTML title -- | Hop #1: Twitter / Over capacity -- | Hop #2: t.co / Twitter -- | Hop #3: t.co / Twitter -- | Status Code -- | Hop #1: 502 -- | Hop #2: 200 -- | Hop #3: 200 -- | server -- | Hop #1: Apache -- | Hop #2: hi -- | Hop #3: hi -- | content-type -- | Hop #1: text/html; charset=UTF-8 -- | Hop #2: text/html; charset=utf-8 -- | Hop #3: text/html; charset=utf-8 -- | content-length -- | Hop #1: 4833 -- | Hop #2: 3280 -- | Hop #3: 3280 -- | last-modified -- | Hop #1: Thu, 05 Apr 2012 00:19:40 GMT -- | Hop #2 -- |_ Hop #3Script is attached to the email, and you can alternatively get it from here [1]
Tests and feedbacks are welcome [1] https://svn.nmap.org/nmap-exp/kroosec/scripts/http-traceroute.nse Cheers, Hani. -- Hani Benhabiles Twitter: https://twitter.com/#!/kroosec Blog: http://kroosec.blogspot.com
Attachment:
http-traceroute.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-traceroute Hani Benhabiles (May 17)
- Re: [NSE] http-traceroute Henri Doreau (May 18)
- Re: [NSE] http-traceroute Hani Benhabiles (May 18)
- Re: [NSE] http-traceroute Henri Doreau (May 20)
- Re: [NSE] http-traceroute Hani Benhabiles (May 20)
- Re: [NSE] http-traceroute Hani Benhabiles (May 18)
- Re: [NSE] http-traceroute Henri Doreau (May 18)
- Re: [NSE] http-traceroute stripes (May 19)
- Re: [NSE] http-traceroute Hani Benhabiles (May 20)