http-generator NSE Script

ID: NMAP:HTTP-GENERATOR.NSE
Date: 2012-01-12 19:45:11
Author: Michael Kohl
Source: nmap.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.8%

Displays the contents of the “generator” meta tag of a web page (default: /) if there is one.

Script Arguments

http-generator.path

Specify the path you want to check for a generator meta tag (defaults to ‘/’).

http-generator.redirects

Specify the maximum number of redirects to follow (defaults to 3).

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script http-generator [--script-args http-generator.path=<path>,http-generator.redirects=<number>,...] <host>

Script Output

PORT    STATE SERVICE
80/tcp  open  http
|_http-generator: TYPO3 4.2 CMS
443/tcp open  https
|_http-generator: TYPO3 4.2 CMS

Requires


local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local stringaux = require "stringaux"

description = [[
Displays the contents of the "generator" meta tag of a web page (default: /)
if there is one.
]]

author = "Michael Kohl"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}

---
-- @usage
-- nmap --script http-generator [--script-args http-generator.path=<path>,http-generator.redirects=<number>,...] <host>
--
-- @output
-- PORT    STATE SERVICE
-- 80/tcp  open  http
-- |_http-generator: TYPO3 4.2 CMS
-- 443/tcp open  https
-- |_http-generator: TYPO3 4.2 CMS
--
-- @args http-generator.path Specify the path you want to check for a generator meta tag (defaults to '/').
-- @args http-generator.redirects Specify the maximum number of redirects to follow (defaults to 3).

-- Changelog:
-- 2011-12-23 Michael Kohl:
--   + Initial version
-- 2012-01-10 Michael Kohl:
--   + update documentation
--   + make pattern case insensitive
--   + only follow first redirect
-- 2012-01-11 Michael Kohl:
--   + more generic pattern
--   + simplified matching
-- 2012-01-13 Michael Kohl:
--   + add http-generator.path argument
--   + add http-generator.redirects argument
--   + restructure redirect handling
--   + improve redirect pattern
--   + update documentation
--   + add changelog
-- 2014-07-29 Fabian Affolter:
--   + update generator pattern

portrule = shortport.http

action = function(host, port)
  local response, loc, generator
  local path = stdnse.get_script_args('http-generator.path') or '/'
  local redirects = tonumber(stdnse.get_script_args('http-generator.redirects')) or 3

  -- Worst case: <meta name=Generator content="Microsoft Word 11">
  local pattern = stringaux.ipattern('<meta name=[\"\']?generator[\"\']? content=[\"\']([^\"\']*)[\"\'] ?/?>')
  response = http.get(host, port, path, {redirect_ok=redirects})
  if ( response and response.body ) then
    return response.body:match(pattern)
  end
end
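
The pattern in the script expects the name attribute directly before content, so a generator tag written with the attributes in the other order is not reported. The following added example (not part of the nmap script or its documentation) puts a Python approximation of that pattern next to an HTML-parser check, for auditing your own pages for generator disclosure; the function names, sample bodies and the ExampleCMS name are constructed.

```python
import re
from html.parser import HTMLParser

# Python approximation of the script's Lua pattern (assumption: re.IGNORECASE
# stands in for stringaux.ipattern's case-insensitive matching).
NSE_LIKE = re.compile(
    r"""<meta name=["']?generator["']? content=["']([^"']*)["'] ?/?>""",
    re.IGNORECASE,
)

class GeneratorFinder(HTMLParser):
    """Collects every <meta name=generator> value, whatever the attribute order."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("name", "").strip().lower() == "generator" and a.get("content"):
            self.values.append(a["content"].strip())

def regex_generator(body):
    """What the pattern-based check would report for this body, or None."""
    m = NSE_LIKE.search(body)
    return m.group(1) if m else None

def parsed_generators(body):
    """All generator values found by parsing the HTML."""
    finder = GeneratorFinder()
    finder.feed(body)
    return finder.values

def audit(pages):
    """Return {path: (regex_result, parser_results)} for each page body."""
    return {p: (regex_generator(b), parsed_generators(b)) for p, b in pages.items()}

# Constructed sample bodies (not captured from any real site).
SAMPLES = {
    "/a": '<html><head><meta name="generator" content="TYPO3 4.2 CMS" /></head></html>',
    "/b": '<head><meta content="ExampleCMS 1.0" name="generator"></head>',
    "/c": '<head><meta name=Generator content="Microsoft Word 11"></head>',
    "/d": '<head><meta charset="utf-8"><title>no tag</title></head>',
}

if __name__ == "__main__":
    for path, (rx, parsed) in audit(SAMPLES).items():
        print(path, "regex:", rx, "parser:", parsed)
```

A page like /b shows why an empty http-generator result does not by itself prove the tag is absent.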
