local comm = require "comm"
local string = require "string"
local shortport = require "shortport"
local nmap = require "nmap"
local stdnse = require "stdnse"
description = [[
Uses the HTTP Server header for missing version info. This is currently
infeasible with version probes because of the need to match non-HTTP services
correctly.
]]
---
-- Fills in a port's missing product/version information from the
-- <code>Server</code> header of an HTTP response.
--
-- NOTE: the header value is supplied by the remote server and is used as the
-- product name when none is set. The server operator or an intermediary can
-- change or remove it, so read the reported product as a hint rather than as
-- verified identification.
--
--@output
-- PORT   STATE SERVICE VERSION
-- 80/tcp open  http    Unidentified Server 1.0
--@args
-- http-server-header.skip If set, this script will not run. Useful for
--                         printing service fingerprints to submit to Nmap.org

-- Script metadata read by the Nmap Scripting Engine.
author = "Daniel Miller"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "version" category: the script runs as part of -sV version detection.
categories = {"version"}
--- Decide whether the script should run against a port.
-- Returns false when the user passed the ".skip" script argument, or when the
-- port already carries a version match (name confidence above 3, or a product
-- name). Otherwise the decision is delegated to shortport.http.
-- @param host Host table passed in by NSE.
-- @param port Port table passed in by NSE.
-- @return false to skip the port, else whatever shortport.http returns.
portrule = function(host, port)
  -- Explicit opt-out requested on the command line.
  local skip_requested = stdnse.get_script_args(SCRIPT_NAME .. ".skip")
  if skip_requested then
    return false
  end

  -- Do not override a result that the -sV scan has already produced.
  local ver = port.version
  if type(ver) == "table" then
    local already_identified = ver.name_confidence > 3 or ver.product ~= nil
    if already_identified then
      return false
    end
  end

  return shortport.http(host, port)
end
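--- Probe the port with a minimal HTTP request and record the Server header.
-- Sends "GET / HTTP/1.0" through comm.tryssl, checks that the reply begins
-- with an HTTP/1.0 or HTTP/1.1 status line, and uses the Server header value
-- as the product name when no product has been set yet.
-- @param host Host table passed in by NSE.
-- @param port Port table passed in by NSE; port.version is updated in place.
-- @return A short notice when a Server header was found and verbosity is
--         above 0, otherwise nil.
action = function(host, port)
  local status, result = comm.tryssl(host, port,
    "GET / HTTP/1.0\r\n\r\n",
    {proto=port.protocol, timeout=5000})
  if not status then
    return nil
  end

  port.version = port.version or {}

  -- The dot is escaped: a bare "." is a wildcard in Lua patterns, so the
  -- unescaped form would also accept strings such as "HTTP/1x1 200".
  if not string.match(result, "^HTTP/1%.[01] %d%d%d") then
    return nil
  end
  port.version.service = "http"

  -- Only the header block is searched. The response body is arbitrary content
  -- and a line in it that happens to start with "Server:" is not a header.
  local _, header_end = string.find(result, "\r?\n\r?\n")
  local headers = header_end and string.sub(result, 1, header_end) or result

  -- Header names are case-insensitive. Only spaces and tabs are skipped after
  -- the colon; skipping "%s" would cross the line break of an empty Server
  -- header and capture the following header line as the product.
  local http_server = string.match(headers,
    "\n[Ss][Ee][Rr][Vv][Ee][Rr]:[ \t]*(.-)\r?\n")
  if http_server == "" then
    http_server = nil
  end

  if port.version.product == nil then
    port.version.product = http_server
  end
  -- NOTE(review): the product string is self-reported by the remote server and
  -- is not verified, yet the port is still recorded as "hardmatched"; confirm
  -- that this confidence level is intended for unverified data.
  nmap.set_port_version(host, port, "hardmatched")

  -- Without a Server header nothing was grabbed, so the notice would be wrong.
  if http_server == nil then
    return nil
  end

  if nmap.verbosity() > 0 then
    return [[
Software version grabbed from Server header.
Consider submitting a service fingerprint.
Run with --script-args http-server-header.skip
]]
  end
  return nil
end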