9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Requests information from a Subversion repository.
This is a URL relative to the scanned host eg. /default.html (default: /)
See the documentation for the slaxml library.
See the documentation for the http library.
See the documentation for the smbauth library.
nmap --script http-svn-info <target>
443/tcp open https syn-ack
| http-svn-info:
| Path: .
| URL: https://svn.nmap.org/
| Relative URL: ^/
| Repository Root: https://svn.nmap.org
| Repository UUID: e0a8ed71-7df4-0310-8962-fdc924857419
| Revision: 34938
| Node Kind: directory
| Last Changed Author: yang
| Last Changed Rev: 34938
|_ Last Changed Date: Sun, 19 Jul 2015 13:49:59 GMT--
local http = require "http"
local shortport = require "shortport"
local slaxml = require "slaxml"
local stdnse = require "stdnse"
description = [[Requests information from a Subversion repository.
]]
---
-- @usage nmap --script http-svn-info <target>
--
-- @args http-svn-info.url This is a URL relative to the scanned host eg. /default.html (default: /)
--
-- @output
-- 443/tcp open https syn-ack
-- | http-svn-info:
-- | Path: .
-- | URL: https://svn.nmap.org/
-- | Relative URL: ^/
-- | Repository Root: https://svn.nmap.org
-- | Repository UUID: e0a8ed71-7df4-0310-8962-fdc924857419
-- | Revision: 34938
-- | Node Kind: directory
-- | Last Changed Author: yang
-- | Last Changed Rev: 34938
-- |_ Last Changed Date: Sun, 19 Jul 2015 13:49:59 GMT--
--
-- @xmloutput
-- <elem key="Path">.</elem>
-- <elem key="URL">https://svn.nmap.org/</elem>
-- <elem key="Relative URL">^/</elem>
-- <elem key="Repository Root">https://svn.nmap.org</elem>
-- <elem key="Repository UUID">e0a8ed71-7df4-0310-8962-fdc924857419</elem>
-- <elem key="Revision">34938</elem>
-- <elem key="Node Kind">directory</elem>
-- <elem key="Last Changed Author">yang</elem>
-- <elem key="Last Changed Rev">34938</elem>
-- <elem key="Last Changed Date">Sun, 19 Jul 2015 13:49:59 GMT</elem>
author = "Gyanendra Mishra"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
portrule = shortport.http
local ELEMENTS = {
["repository-uuid"] = "Repository UUID",
["version-name"] = "Last Changed Rev",
["creator-displayname"] = "Last Changed Author",
["getlastmodified"] = "Last Changed Date",
["baseline-relative-path"] = "Relative URL",
["href"] = "Repository Root",
["getcontentlength"] = "file"
}
local output_order = {
"Last Changed Author",
"Last Changed Rev",
"Last Changed Date",
}
local function get_text_callback(store, name)
if ELEMENTS[name] == nil then return end
return function(content) store[ELEMENTS[name]] = content end
end
action = function(host, port)
local url = stdnse.get_script_args(SCRIPT_NAME .. ".url") or "/"
local output = {}
local ordered_output = stdnse.output_table()
local options = {
header = {
["Depth"] = 0,
},
}
local response = http.generic_request(host, port, "PROPFIND", url, options)
if response and response.status == 207 then
local parser = slaxml.parser:new()
parser._call = {startElement = function(name)
parser._call.text = get_text_callback(output, name) end,
closeElement = function(name) parser._call.text = function() return nil end end
}
parser:parseSAX(response.body, {stripWhitespace=true})
if next(output) then
ordered_output["Path"] = url:match("/([^/]*)$"):len() > 0 and url:match("/([^/]*)$") or url:match("/([^/]*)/$") or "."
if output["file"] then
ordered_output["Name"] = url:match("/([^/]*)$")
end
ordered_output["URL"] = host.targetname and port.service .. "://" .. host.targetname .. url
ordered_output["Relative URL"] = output["Relative URL"] and "^/" .. output["Relative URL"] or "^/"
output["Repository Root"] = output["Repository Root"]:gsub("%/%!svn.*", ""):len() > 0 and output["Repository Root"]:gsub("%/%!svn.*", "") or "/"
ordered_output["Repository Root"] = port.service .. "://" .. host.targetname .. output["Repository Root"]
ordered_output["Repository UUID"] = output["Repository UUID"]
if url ~= output["Repository Root"] then
local temp_output = {}
response = http.generic_request(host, port, "PROPFIND", output["Repository Root"], options)
if response and response.status == 207 then
parser._call.startElement = function(name) parser._call.text = get_text_callback(temp_output, name) end
parser:parseSAX(response.body, {stripWhitespace=true})
ordered_output["Revision"] = temp_output["Last Changed Rev"]
end
else
ordered_output["Revision"] = output["Last Changed Rev"]
end
if not output["file"] then
ordered_output["Node Kind"] = "directory"
else
ordered_output["Node Kind"] = "file"
end
for _, value in ipairs(output_order) do
ordered_output[value] = output[value]
end
return ordered_output
end
end
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%