Nmap Development mailing list archives
[NSE] http-comments-displayer.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 13 Jun 2013 23:52:21 +0300
Hi,

The attached script makes use of patterns to extract HTML comments from HTTP responses. Sometimes sensitive information is present within HTML comments. While this does not necessarily represent a breach in security, it gives an attacker useful guidance for future exploitation.

Let's see an example of how it works.

./nmap -p80 -n -Pn --script http-comments-displayer.nse some-very-random-page.com

The script, by default, greps every page for HTML comments so the above command may output a lot of comments. Let's limit the output only to the root page.

./nmap -p80 -n -Pn --script http-comments-displayer.nse --script-args 'http-comments-displayer.singlepages={"/"}' some-very-random-page.com

The output now looks like this:

-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-comments-displayer:
-- | Path: /
-- | Line number: 214
-- | Comment:
-- |     <!-- This needs fixing. -->
-- |
-- | Path: /
-- | Line number: 15
-- | Comment:
-- |_    /* We should avoid the hardcoding here */

I really want to know where these comments are referring to. So, I run the script again, this time with the context parameter that will extend our final strings.

./nmap -p80 -n -Pn --script http-comments-displayer.nse --script-args 'http-comments-displayer.singlepages={"/"}, http-comments-displayer.context=10' some-very-random-page.com

-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-comments-displayer:
-- | Path: /
-- | Line number: 214
-- | Comment:
-- |     the same</p>
-- |     <!-- This needs fixing. -->
-- |     <br /><br /><br /><br
-- |
-- | Path: /register.php
-- | Line number: 15
-- | Comment:
-- |     var index;
-- |     /* We should avoid the hardcoding here */
-- |_    if (pass == "l33t") {

OK, that escalated quickly. Hope you liked it.

--
George Chatzisofroniou
sophron.latthi.com
Attachment:
http-comments-displayer.nse
Description:
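The extraction idea behind the script (match comment patterns in a response body, report the line number, and optionally widen each hit with surrounding context) is easy to reproduce for auditing your own pages before release. The example below is added here and is not the attached NSE script or any Nmap code; it works offline on a constructed sample body. The function names, the character-based meaning of context, and the sample HTML are assumptions of this example, not claims about how the script itself behaves.

```python
import re

# Constructed sample HTTP response body for demonstration only; it is not
# taken from any real site and only mirrors the kind of leftover notes the
# post talks about.
SAMPLE_BODY = """<html>
<head><script>
var index;
/* We should avoid the hardcoding here */
if (pass == "l33t") {
</script></head>
<body>
<p>the same</p>
<!-- This needs fixing. -->
<br /><br />
</body></html>
"""

# One alternation covering HTML comments and C-style block comments.
# Non-greedy quantifiers keep adjacent comments from being merged into one
# match; DOTALL lets a comment span several lines.
COMMENT_RE = re.compile(r"<!--.*?-->|/\*.*?\*/", re.DOTALL)


def find_comments(body, context=0):
    """Return every comment found in `body`, in document order.

    Each entry carries the 1-based line on which the comment starts, the
    comment text, and a snippet that is the comment extended by `context`
    characters on each side. Measuring context in characters is an
    assumption of this example; the post does not state the script's unit.
    """
    results = []
    for match in COMMENT_RE.finditer(body):
        start, end = match.span()
        # Count newlines before the match start to get the line number.
        line_no = body.count("\n", 0, start) + 1
        lo = max(0, start - context)
        hi = min(len(body), end + context)
        results.append({
            "line": line_no,
            "comment": match.group(0),
            "snippet": body[lo:hi],
        })
    return results


def format_report(path, results):
    """Render hits in a layout similar to the script output shown above."""
    lines = []
    for hit in results:
        lines.append("Path: %s" % path)
        lines.append("Line number: %d" % hit["line"])
        lines.append("Comment:")
        for snippet_line in hit["snippet"].splitlines():
            lines.append("    " + snippet_line)
        lines.append("")
    return "\n".join(lines).rstrip("\n")


if __name__ == "__main__":
    print(format_report("/", find_comments(SAMPLE_BODY, context=5)))
```

Because this is plain pattern matching over the raw response, a `/*` inside a string literal or a `<!--` inside a `<script>` block is reported just like a real comment, so expect some noise when running it over large sites; the value is in surfacing developer notes and disabled code paths that should never have shipped.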
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-comments-displayer.nse George Chatzisofroniou (Jun 13)
- Re: [NSE] http-comments-displayer.nse George Chatzisofroniou (Jun 22)