9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Displays the contents of the “generator” meta tag of a web page (default: /) if there is one.
Specify the path you want to check for a generator meta tag (default to ‘/’).
Specify the maximum number of redirects to follow (defaults to 3).
See the documentation for the slaxml library.
See the documentation for the http library.
See the documentation for the smbauth library.
nmap --script http-generator [--script-args http-generator.path=<path>,http-generator.redirects=<number>,...] <host>
PORT STATE SERVICE
80/tcp open http
|_http-generator: TYPO3 4.2 CMS
443/tcp open https
|_http-generator: TYPO3 4.2 CMS
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local stringaux = require "stringaux"
description = [[
Displays the contents of the "generator" meta tag of a web page (default: /)
if there is one.
]]
author = "Michael Kohl"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
---
-- @usage
-- nmap --script http-generator [--script-args http-generator.path=<path>,http-generator.redirects=<number>,...] <host>
--
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-generator: TYPO3 4.2 CMS
-- 443/tcp open https
-- |_http-generator: TYPO3 4.2 CMS
--
-- @args http-generator.path Specify the path you want to check for a generator meta tag (default to '/').
-- @args http-generator.redirects Specify the maximum number of redirects to follow (defaults to 3).
-- Changelog:
-- 2011-12-23 Michael Kohl <[email protected]>:
-- + Initial version
-- 2012-01-10 Michael Kohl <[email protected]>:
-- + update documentation
-- + make pattern case insensitive
-- + only follow first redirect
-- 2012-01-11 Michael Kohl <[email protected]>:
-- + more generic pattern
-- + simplified matching
-- 2012-01-13 Michael Kohl <[email protected]>:
-- + add http-generator.path argument
-- + add http-generator.redirects argument
-- + restructure redirect handling
-- + improve redirect pattern
-- + update documentation
-- + add changelog
-- 2014-07-29 Fabian Affolter <[email protected]>:
-- + update generator pattern
portrule = shortport.http
action = function(host, port)
local response, loc, generator
local path = stdnse.get_script_args('http-generator.path') or '/'
local redirects = tonumber(stdnse.get_script_args('http-generator.redirects')) or 3
-- Worst case: <meta name=Generator content="Microsoft Word 11">
local pattern = stringaux.ipattern('<meta name=[\"\']?generator[\"\']? content=[\"\']([^\"\']*)[\"\'] ?/?>')
response = http.get(host, port, path, {redirect_ok=redirects})
if ( response and response.body ) then
return response.body:match(pattern)
end
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%