Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapRiemannNMAP:HTTP-GITWEB-PROJECTS-ENUM.NSE
HistoryApr 20, 2012 - 12:46 p.m.

http-gitweb-projects-enum NSE Script

2012-04-2012:46:49
riemann
nmap.org
66

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Retrieves a list of Git projects, owners and descriptions from a gitweb (web interface to the Git revision control system).

Script Arguments

http-gitweb-projects-enum.path

specifies the location of gitweb (default: /)

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 www.example.com --script http-gitweb-projects-enum

Script Output

80/tcp open  http
| http-gitweb-projects-enum:
| Projects from gitweb.samba.org:
|   PROJECT                         AUTHOR            DESCRIPTION
|   sando.git                       authornum1        no description
|   camui/san.git                   devteam           no description
|   albert/tdx.git/.git             blueteam          no description
|
|   Number of projects: 172
|_  Number of owners: 42

Requires

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local tab = require "tab"
local table = require "table"

description=[[
Retrieves a list of Git projects, owners and descriptions from a gitweb (web interface to the Git revision control system).
]]

---
-- @usage
-- nmap -p80 www.example.com --script http-gitweb-projects-enum
--
-- @output
-- 80/tcp open  http
-- | http-gitweb-projects-enum:
-- | Projects from gitweb.samba.org:
-- |   PROJECT                         AUTHOR            DESCRIPTION
-- |   sando.git                       authornum1        no description
-- |   camui/san.git                   devteam           no description
-- |   albert/tdx.git/.git             blueteam          no description
-- |
-- |   Number of projects: 172
-- |_  Number of owners: 42
--
-- @args http-gitweb-projects-enum.path specifies the location of gitweb
--       (default: /)

author = "riemann"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}


portrule = shortport.http

---
-- @param author bloc (if author name are too long we have a span bloc)
-- @return author name filtred from html entities
---
get_owner = function(res)
  local result=res
  local _
  if ( res:match('<span') ) then
    _,_,result=string.find(res,'title="(.-)"')
  end
  return result
end

action = function(host, port)

  local path = stdnse.get_script_args(SCRIPT_NAME .. '.path') or '/'
  local response = http.get(host,port,path)
  local result, result_stats = {}, {}

  if not response or not response.status or response.status ~= 200 or
    not response.body then
    stdnse.debug1("Failed to retrieve file: %s", path)
    return
  end

  local html = response.body
  local repo=tab.new()
  tab.addrow(repo,'PROJECT','AUTHOR','DESCRIPTION')

  -- verif generator
  if (html:match('meta name="generator" content="gitweb(.-)"')) then
    result['name'] = string.format("Projects from %s:", host.targetname or host.ip)

    local owners, projects_counter, owners_counter = {}, 0, 0

    for tr_code in html:gmatch('(%<tr[^<>]*%>(.-)%</tr%>)') do
      local regx='<a[^<>]*href="(.-)">(.-)</a>(.-)title="(.-)"(.-)<i>(.-)</i>'
      for _, project, _, desc, _, owner in tr_code:gmatch(regx) do

        --if desc result return default text of gitweb replace it by no description
        if(string.find(desc,'Unnamed repository')) then
          desc='no description'
        end

        tab.addrow(repo, project, get_owner(owner), desc)

        -- Protect from parsing errors or long owners
        -- just an arbitrary value
        if owner:len() < 128 and not owners[owner] then
          owners[owner] = true
          owners_counter = owners_counter + 1
        end

        projects_counter = projects_counter + 1
      end
    end

    table.insert(result,tab.dump(repo))
    table.insert(result, "")
    table.insert(result,
    string.format("Number of projects: %d", projects_counter))
    if (owners_counter > 0 ) then
      table.insert(result,
      string.format("Number of owners: %d", owners_counter))
    end

  end
  return stdnse.format_output(true,result)
end

Related

nmap 200
nmap
nmap
ipv6-multicast-mld-list NSE Script
2015-12-19 15:50:08
mysql-variables NSE Script
2010-01-26 09:40:38
http-malware-host NSE Script
2009-09-16 14:15:13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:HTTP-GITWEB-PROJECTS-ENUM.NSE
nmap200