📄 httpauth.nse
字号:
-- HTTP authentication information gathering script-- rev 1.1 (2007-05-25)id = "HTTP Auth"description = "If a web server requires authentication, prints the authentication scheme and realm"author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"license = "See nmaps COPYING for licence"-- uncomment the following line to enable safe category-- categories = {"safe"}categories = {"intrusive"}require "shortport"portrule = shortport.port_or_service({80, 8080}, "http")action = function(host, port) local socket local catch = function() socket:close() end local try = nmap.new_try(catch) local get_http_headers = function(dst, dst_port, query_string) socket = nmap.new_socket() try(socket:connect(dst, dst_port)) try(socket:send(query_string)) local response = "" local lines local status while true do status, lines = socket:receive_lines(1) if not status then break end response = response .. lines end try(socket:close()) local tags = {"(.-)<![Dd][Oo][Cc][Tt][Yy][Pp][Ee]", "(.-)<[Hh][Tt][Mm][Ll]", "(.-)<[Hh][Ee][Aa][Dd]", "(.-)<[Bb][Oo][Dd][Yy]"} local hdrs for I = 1, #tags do hdrs = string.match(response, tags[I]) if hdrs ~= nil and hdrs ~= response and hdrs ~= "" then return hdrs end end return response end local auth local value local realm local scheme local result local basic = false local query = "GET / HTTP/1.1\r\n" query = query .. "Accept: */*\r\n" query = query .. "Accept-Language: en\r\n" query = query .. "User-Agent: Nmap NSE\r\n" query = query .. "Host: " .. host.ip .. ":" .. port.number .. "\r\n\r\n" local headers = get_http_headers(host.ip, port.number, query) --- check for 401 response code auth = string.match(headers, "HTTP/1.- 401") if auth ~= nil then result = "HTTP Service requires authentication\n" -- loop through any WWW-Authenticate: headers to determine valid authentication schemes for value in string.gmatch(headers, "[Aa]uthenticate:(.-)\n") do result = result .. " Auth type: " scheme, realm = string.match(value, "(%a+).-[Rr]ealm=\"(.-)\"") if scheme == "Basic" then basic = true end if realm ~= nil then result = result .. scheme .. ", realm = " .. realm .. "\n" else result = result .. string.match(value, "(%a+)") .. "\n" end end end if basic then query = "GET / HTTP/1.1\r\n" query = query .. "Authorization: Basic YWRtaW46C\r\n" query = query .. "Accept: */*\r\n" query = query .. "Accept-Language: en\r\n" query = query .. "User-Agent: Nmap NSE\r\n" query = query .. "Host: " .. host.ip .. ":" .. port.number .. "\r\n\r\n" auth = "" headers = get_http_headers(host.ip, port.number, query) auth = string.match(headers, "HTTP/1.- 40[013]") if auth == nil then result = result .. " HTTP server may accept user=\"admin\" with blank password for Basic authentication\n" end query = "GET / HTTP/1.1\r\n" query = query .. "Authorization: Basic YWRtaW46YWRtaW4\r\n" query = query .. "Accept: */*\r\n" query = query .. "Accept-Language: en\r\n" query = query .. "User-Agent: Nmap NSE\r\n" query = query .. "Host: " .. host.ip .. ":" .. port.number .. "\r\n\r\n" auth = "" headers = get_http_headers(host.ip, port.number, query) auth = string.match(headers, "HTTP/1.- 40[013]") if auth == nil then result = result .. " HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n" end end return resultend⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -