Lucene search

K

http-auth NSE Script

🗓️ 06 Nov 2008 02:59:52Reported by Thomas BuchananType 
nmap
 nmap
🔗 nmap.org👁 283 Views

Retrieves authentication scheme and realm of a web service that needs authenticatio

Show more
Related
Code
ReporterTitlePublishedViews
Family
Nmap
smtp-enum-users NSE Script
13 Mar 201004:03
nmap
Nmap
dns-brute NSE Script
5 Mar 201121:16
nmap
Nmap
mikrotik-routeros-brute NSE Script
30 Jul 201403:48
nmap
Nmap
http-slowloris NSE Script
16 Jul 201219:27
nmap
Nmap
freelancer-info NSE Script
20 Nov 201304:31
nmap
Nmap
irc-info NSE Script
6 Nov 200802:52
nmap
Nmap
ajp-methods NSE Script
7 May 201218:49
nmap
Nmap
telnet-encryption NSE Script
28 Dec 201100:57
nmap
Nmap
http-unsafe-output-escaping NSE Script
15 Dec 201106:19
nmap
Nmap
hostmap-robtex NSE Script
9 Apr 201206:35
nmap
Rows per page
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"

description = [[
Retrieves the authentication scheme and realm of a web service that requires
authentication.
]]

---
-- @usage
-- nmap --script http-auth [--script-args http-auth.path=/login] -p80 <host>
--
-- @output
-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-auth:
-- | HTTP/1.1 401 Unauthorized
-- |   Negotiate
-- |   NTLM
-- |   Digest charset=utf-8 nonce=+Upgraded+v1e4e256b4afb7f89be014e...968ccd60affb7c qop=auth algorithm=MD5-sess realm=example.com
-- |_  Basic realm=example.com
--
-- @xmloutput
-- <table>
--   <elem key="scheme">Basic</elem>
--   <table key="params">
--     <elem key="realm">Router</elem>
--   </table>
-- </table>
-- <elem key="scheme">Digest</elem>
--   <table key="params">
--     <elem key="nonce">np9qe4zJBAA=1f3ae82f536e70a806241b3358f571507a3a4d67</elem>
--     <elem key="realm">Router</elem>
--     <elem key="algorithm">MD5</elem>
--     <elem key="qop">auth</elem>
--     <elem key="domain">secret</elem>
--   </table>
-- </table>
--
-- @args http-auth.path  Define the request path
--
-- @see http-auth-finder.nse
-- @see http-brute.nse

-- HTTP authentication information gathering script
-- rev 1.1 (2007-05-25)
-- 2008-11-06 Vlatko Kosturjak <[email protected]>
--   * bug fixes against base64 encoded strings, more flexible auth/pass check,
--     corrected sample output
-- 2011-12-18 Duarte Silva <[email protected]>
--   * Added hostname and path arguments
--   * Updated documentation
-----------------------------------------------------------------------

author = "Thomas Buchanan"

license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

categories = {"default", "auth", "safe"}


portrule = shortport.http

local PATH = stdnse.get_script_args(SCRIPT_NAME .. ".path")

action = function(host, port)
  local www_authenticate
  local challenges

  local result = {}
  local answer = http.get(host, port, PATH or "/", { bypass_cache = true })

  --- check for 401 response code
  if answer.status ~= 401 then
    return
  end

  result.name = answer["status-line"]:match("^(.*)\r?\n$")

  www_authenticate = answer.header["www-authenticate"]
  if not www_authenticate then
    table.insert( result, ("Server returned status %d but no WWW-Authenticate header."):format(answer.status) )
    return stdnse.format_output(true, result)
  end
  challenges = http.parse_www_authenticate(www_authenticate)
  if not challenges then
    table.insert( result, ("Server returned status %d but the WWW-Authenticate header could not be parsed."):format(answer.status) )
    table.insert( result, ("WWW-Authenticate: %s"):format(www_authenticate) )
    return stdnse.format_output(true, result)
  end

  for _, challenge in ipairs(challenges) do
    local line = challenge.scheme
    if ( challenge.params ) then
      for name, value in pairs(challenge.params) do
        line = line .. string.format(" %s=%s", name, value)
      end
    end
    table.insert(result, line)
  end

  return challenges, stdnse.format_output(true, result)
end

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 Nov 2008 02:52Current
0.3Low risk
Vulners AI Score0.3
EPSS0.972
283
.json
Report