
http-svn-info NSE Script

2015-07-25 09:55:37
Gyanendra Mishra
nmap.org
62

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Requests information from a Subversion repository.

Script Arguments

http-svn-info.url

The URL path to query, relative to the scanned host, e.g. /default.html (default: /)

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script http-svn-info <target>

Script Output

443/tcp open  https   syn-ack
| http-svn-info:
|   Path: .
|   URL: https://svn.nmap.org/
|   Relative URL: ^/
|   Repository Root: https://svn.nmap.org
|   Repository UUID: e0a8ed71-7df4-0310-8962-fdc924857419
|   Revision: 34938
|   Node Kind: directory
|   Last Changed Author: yang
|   Last Changed Rev: 34938
|_  Last Changed Date: Sun, 19 Jul 2015 13:49:59 GMT--

Requires


local http = require "http"
local shortport = require "shortport"
local slaxml = require "slaxml"
local stdnse = require "stdnse"

-- NSE script description. The action function in this file gathers the
-- information by sending WebDAV PROPFIND requests to the target.
description = [[Requests information from a Subversion repository.
]]

---
-- @usage nmap --script http-svn-info <target>
--
-- @args http-svn-info.url The URL path to query, relative to the scanned host, e.g. /default.html (default: /)
--
-- @output
-- 443/tcp open  https   syn-ack
-- | http-svn-info:
-- |   Path: .
-- |   URL: https://svn.nmap.org/
-- |   Relative URL: ^/
-- |   Repository Root: https://svn.nmap.org
-- |   Repository UUID: e0a8ed71-7df4-0310-8962-fdc924857419
-- |   Revision: 34938
-- |   Node Kind: directory
-- |   Last Changed Author: yang
-- |   Last Changed Rev: 34938
-- |_  Last Changed Date: Sun, 19 Jul 2015 13:49:59 GMT--
--
-- @xmloutput
-- <elem key="Path">.</elem>
-- <elem key="URL">https://svn.nmap.org/</elem>
-- <elem key="Relative URL">^/</elem>
-- <elem key="Repository Root">https://svn.nmap.org</elem>
-- <elem key="Repository UUID">e0a8ed71-7df4-0310-8962-fdc924857419</elem>
-- <elem key="Revision">34938</elem>
-- <elem key="Node Kind">directory</elem>
-- <elem key="Last Changed Author">yang</elem>
-- <elem key="Last Changed Rev">34938</elem>
-- <elem key="Last Changed Date">Sun, 19 Jul 2015 13:49:59 GMT</elem>


-- NSE script metadata fields.
author = "Gyanendra Mishra"

license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- "default" places the script in the set run by -sC; it only issues PROPFIND
-- requests (see action), which a scanned server can record in its access log.
categories = {"default", "discovery", "safe"}


-- Run against ports that shortport.http accepts.
portrule = shortport.http

-- Maps XML element names, as passed to the parser's startElement callback, to
-- the labels under which their text content is stored. Elements not listed
-- here are ignored by get_text_callback.
local ELEMENTS = {
    ["repository-uuid"] =  "Repository UUID",
    ["version-name"] = "Last Changed Rev",
    ["creator-displayname"] = "Last Changed Author",
    ["getlastmodified"] = "Last Changed Date",
    ["baseline-relative-path"] = "Relative URL",
    ["href"] = "Repository Root",
    -- Not an output label: action only tests whether "file" was stored to
    -- decide between Node Kind "file" and "directory".
    ["getcontentlength"] = "file"
}

-- Labels copied verbatim from the parsed values to the end of the report,
-- in this order.
local output_order = {
  "Last Changed Author",
  "Last Changed Rev",
  "Last Changed Date",
}

--- Builds the text handler for one XML element.
-- @param store Table that receives the element's text content.
-- @param name  Element name reported by the parser.
-- @return A function storing its argument in store under the label that
--         ELEMENTS assigns to name, or nothing when name is not in ELEMENTS.
local function get_text_callback(store, name)
  local label = ELEMENTS[name]
  if label == nil then
    return
  end
  return function(content)
    store[label] = content
  end
end

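--- Queries the target for Subversion repository metadata over WebDAV.
--
-- Sends a PROPFIND with "Depth: 0" for the configured URL and, when the
-- server answers 207, collects the elements listed in ELEMENTS from the XML
-- body. If the repository root differs from the requested URL, a second
-- PROPFIND is sent to the root to read the repository revision.
--
-- Every reported value except Path, Name and Node Kind is copied from the
-- server's response, so consumers of the script output should treat those
-- strings as untrusted text.
--
-- @param host NSE host table.
-- @param port NSE port table.
-- @return An ordered output table, or nothing when the server does not
--         answer 207 or none of the known elements are present.
action = function(host, port)

  local url = stdnse.get_script_args(SCRIPT_NAME .. ".url") or "/"
  local output = {}
  local ordered_output = stdnse.output_table()

  local options = {
    header = {
      ["Depth"] = 0,
    },
  }

  local response = http.generic_request(host, port, "PROPFIND", url, options)
  -- Also require a body: the parser is handed response.body directly.
  if not (response and response.status == 207 and response.body) then
    return
  end

  local parser = slaxml.parser:new()
  parser._call = {
    -- On each opening tag, install a text handler for that element (or nil
    -- when the element is not one we record).
    startElement = function(name)
      parser._call.text = get_text_callback(output, name)
    end,
    -- After a closing tag, discard text until the next opening tag.
    closeElement = function(name)
      parser._call.text = function() return nil end
    end,
  }
  parser:parseSAX(response.body, {stripWhitespace=true})

  if not next(output) then
    return
  end

  -- Path: last URL segment, else the segment before a trailing slash, else
  -- ".". The match yields nil for a URL without any "/", so check it before
  -- taking its length.
  local last_segment = url:match("/([^/]*)$")
  if last_segment and #last_segment > 0 then
    ordered_output["Path"] = last_segment
  else
    ordered_output["Path"] = url:match("/([^/]*)/$") or "."
  end
  if output["file"] then
    ordered_output["Name"] = last_segment
  end

  -- host.targetname is nil when the target was given as an address, which
  -- made the string concatenation for "Repository Root" raise an error.
  -- stdnse.get_hostname falls back to the resolved name or the IP address.
  local base = port.service .. "://" .. stdnse.get_hostname(host)

  ordered_output["URL"] = base .. url
  ordered_output["Relative URL"] = output["Relative URL"] and "^/" .. output["Relative URL"] or "^/"

  -- The root is derived from an href in the response and may be absent;
  -- strip the "/!svn..." suffix and fall back to "/" if nothing remains.
  local root = output["Repository Root"]
  if root then
    root = root:gsub("%/%!svn.*", "")
    if #root == 0 then
      root = "/"
    end
    ordered_output["Repository Root"] = base .. root
  end
  ordered_output["Repository UUID"] = output["Repository UUID"]

  if root and url ~= root then
    -- The path of this follow-up request is chosen by the server's response;
    -- the request itself is still sent to the scanned host and port.
    local temp_output = {}
    response = http.generic_request(host, port, "PROPFIND", root, options)
    if response and response.status == 207 and response.body then
      parser._call.startElement = function(name)
        parser._call.text = get_text_callback(temp_output, name)
      end
      parser:parseSAX(response.body, {stripWhitespace=true})
      ordered_output["Revision"] = temp_output["Last Changed Rev"]
    end
  else
    ordered_output["Revision"] = output["Last Changed Rev"]
  end

  if output["file"] then
    ordered_output["Node Kind"] = "file"
  else
    ordered_output["Node Kind"] = "directory"
  end

  for _, label in ipairs(output_order) do
    ordered_output[label] = output[label]
  end

  return ordered_output
end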
