NSE script for uploading files via HTTP PUT metho
Reporter | Title | Published | Views | Family All 200 |
---|---|---|---|---|
![]() | iax2-version NSE Script | 6 Nov 200802:52 | – | nmap |
![]() | imap-capabilities NSE Script | 8 Jun 200923:21 | – | nmap |
![]() | irc-info NSE Script | 6 Nov 200802:52 | – | nmap |
![]() | irc-unrealircd-backdoor NSE Script | 25 Jun 201020:05 | – | nmap |
![]() | jdwp-info NSE Script | 14 Aug 201211:31 | – | nmap |
![]() | knx-gateway-discover NSE Script | 15 Sep 201515:10 | – | nmap |
![]() | ldap-rootdse NSE Script | 21 Feb 201008:52 | – | nmap |
![]() | lltd-discovery NSE Script | 26 Sep 201122:20 | – | nmap |
![]() | memcached-info NSE Script | 2 Jan 201211:30 | – | nmap |
![]() | mikrotik-routeros-brute NSE Script | 30 Jul 201403:48 | – | nmap |
local http = require "http"
local io = require "io"
local shortport = require "shortport"
local stdnse = require "stdnse"
description = [[
Uploads a local file to a remote web server using the HTTP PUT method. You must specify the filename and URL path with NSE arguments.
]]
---
-- @usage
-- nmap -p 80 <ip> --script http-put --script-args http-put.url='/uploads/rootme.php',http-put.file='/tmp/rootme.php'
--
-- @output
-- PORT STATE SERVICE
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-put: /uploads/rootme.php was successfully created
--
-- @args http-put.file - The full path to the local file that should be uploaded to the server
-- @args http-put.url - The remote directory and filename to store the file to e.g. (/uploads/file.txt)
--
-- @xmloutput
-- <elem key="result">/uploads/rootme.php was successfully created</elem>
--
-- Version 0.1
-- Created 10/15/2011 - v0.1 - created by Patrik Karlsson <[email protected]>
-- Revised 10/20/2011 - v0.2 - changed coding style, fixed categories <[email protected]>
--
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "intrusive"}
portrule = shortport.http
action = function( host, port )
local output = stdnse.output_table()
local fname, url = stdnse.get_script_args('http-put.file', 'http-put.url')
if ( not(fname) or not(url) ) then
return
end
local f = io.open(fname, "r")
if ( not(f) ) then
output.error = ("ERROR: Failed to open file: %s"):format(fname)
return output, output.error
end
local content = f:read("a")
f:close()
local response = http.put(host, port, url, nil, content)
if ( 200 <= response.status and response.status < 210 ) then
output.result = ("%s was successfully created"):format(url)
return output, output.result
end
output.error = ("ERROR: %s could not be created"):format(url)
return output, output.error
end
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo