Nmap Development mailing list archives

[NSE] http-comments-displayer.nse


From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 13 Jun 2013 23:52:21 +0300

Hi,

The attached script makes use of patterns to extract HTML comments
from HTTP responses. Sometimes sensitive information is present
within HTML comments. While this does not necessarily represent a
breach in security, it gives an attacker useful guidance for future
exploitation.

Let's see an example of how it works.

./nmap -p80 -n -Pn --script http-comments-displayer.nse
some-very-random-page.com

The script, by default, greps every page for HTML comments so the
above command may output a lot of comments. Let's limit the output
only to the root page.

./nmap -p80 -n -Pn --script http-comments-displayer.nse --script-args
'http-comments-displayer.singlepages={"/"}' some-very-random-page.com

The output now looks like this:

-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-comments-displayer:
-- |     Path: /
-- |     Line number: 214
-- |     Comment:
-- |         <!-- This needs fixing. -->
-- |
-- |     Path: /
-- |     Line number: 15
-- |     Comment:
-- |_        /* We should avoid the hardcoding here */

I really want to know where these comments are referring to. So, I run
the script again, this time with the context parameter that will extend
our final strings.

./nmap -p80 -n -Pn --script http-comments-displayer.nse --script-args
'http-comments-displayer.singlepages={"/"},
http-comments-displayer.context=10' some-very-random-page.com

-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-comments-displayer:
-- |     Path: /
-- |     Line number: 214
-- |     Comment:
-- |          the same</p>
-- |         <!-- This needs fixing. -->
-- |         <br /><br /><br /><br
-- |
-- |     Path: /register.php
-- |     Line number: 15
-- |     Comment:
-- |         var index;
-- |         /* We should avoid the hardcoding here */
-- |_       if (pass == "l33t")  {

OK, that escalated quickly.

Hope you liked it.

--
George Chatzisofroniou
sophron.latthi.com

Attachment: http-comments-displayer.nse
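To show what the script's pattern matching amounts to, here is an added Python example that is not George's NSE script and not part of the post: it pulls HTML (`<!-- -->`) and C-style block (`/* */`) comments out of a response body, records the 1-based line number, keeps a configurable number of surrounding lines (the post's `context` argument), and flags comments containing keywords a defender would triage first. The sample body, the `TRIAGE_KEYWORDS` list and the function names are constructed for the example; the sample lines are lifted from the output quoted in the post.

```python
"""Extract HTML and block comments from a response body with line numbers
and optional context, in the spirit of http-comments-displayer.nse.
This is an added illustration, not the NSE script itself."""
import re
from typing import Dict, List

# HTML comments and C-style block comments; DOTALL lets a comment span lines.
COMMENT_RE = re.compile(r"<!--.*?-->|/\*.*?\*/", re.DOTALL)

# Constructed triage list: comments mentioning these are worth a closer look.
TRIAGE_KEYWORDS = ("password", "passwd", "todo", "fixme", "hardcod", "debug")

# Constructed sample body; the interesting lines mirror the post's output.
SAMPLE_BODY = """<html>
<head><script>
var index;
/* We should avoid the hardcoding here */
if (pass == "l33t") {
</script></head>
<body>
<p>the same</p>
<!-- This needs fixing. -->
<br /><br />
</body>
</html>"""


def find_comments(body: str, context: int = 0, path: str = "/") -> List[Dict]:
    """Return every comment in body, in document order, with its 1-based
    starting line and `context` extra lines before and after it."""
    lines = body.splitlines()
    found = []
    for m in COMMENT_RE.finditer(body):
        first = body.count("\n", 0, m.start()) + 1   # line where the comment starts
        last = body.count("\n", 0, m.end()) + 1      # line where the comment ends
        lo = max(0, first - 1 - context)             # slice bounds, clamped to the body
        hi = min(len(lines), last + context)
        text = m.group(0)
        found.append({
            "path": path,
            "line": first,
            "comment": text,
            "context": lines[lo:hi],
            "flagged": any(k in text.lower() for k in TRIAGE_KEYWORDS),
        })
    return found


def format_report(findings: List[Dict]) -> str:
    """Render findings in the same shape as the script output quoted above."""
    out = []
    for f in findings:
        out.append(f"Path: {f['path']}")
        out.append(f"Line number: {f['line']}" + ("  [triage]" if f["flagged"] else ""))
        out.append("Comment:")
        out.extend("    " + line for line in f["context"])
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(find_comments(SAMPLE_BODY, context=1)))
```

With `context=0` each finding carries only the line(s) the comment sits on; raising it to 1 reproduces the "var index; / comment / if (pass == ...)" window from the post. The keyword flag is a starting point for review, not a judgement about the page.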
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/