http-custom-title.nse
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
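-- Help text shown by Nmap for this script. The argument names mentioned here
-- must match the ones read in `action` (url, customtitle, output).
description = [[
Shows the title of the default page of a web server.
If the customtitle argument is given, the script only reports titles matching the provided argument.
The script also appends matched output to a file if the output argument is provided.
The script will follow up to 5 HTTP redirects, using the default rules in the
http library.
]]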
---
-- @usage
-- nmap --script ./http-custom-title.nse -p80 scanme.nmap.org --script-args="customtitle='ScanMe'"
--
-- @args http-custom-title.url The url to fetch. Default: /
-- @args http-custom-title.output The output file to write to. Results are appended as "ip;title" lines.
-- @args http-custom-title.customtitle The title to search for (matched as a Lua pattern).
--@output
-- Nmap scan report for scanme.nmap.org (45.33.32.156)
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_http-title: Go ahead and ScanMe!
--
-- @xmloutput
-- <elem key="title">Go ahead and ScanMe!</elem>
-- @xmloutput
-- <script id="http-custom-title" output="Go ahead and ScanMe!"></script></port>
--
-- Script metadata read by the Nmap Scripting Engine.
author = "Modified script by @psc4re for custom title search. Original script by Diman Todorov http-title.nse"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- Categories decide which --script selections pick this script up;
-- "default" also makes it part of the -sC set.
categories = {
  "default",
  "discovery",
  "safe",
}

-- Run against whatever shortport.http accepts as an HTTP port.
portrule = shortport.http
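--- Fetch one page from the target, extract its <title> and report it.
--
-- Script arguments (all optional, read through stdnse.get_script_args):
--   <SCRIPT_NAME>.url          path to request; "/" when absent
--   <SCRIPT_NAME>.customtitle  Lua pattern; only matching titles are reported
--   <SCRIPT_NAME>.output       file that "ip;title" lines are appended to
--
-- The title and the Content-Type header come from the scanned server and are
-- therefore untrusted: control characters are stripped from the line written
-- to the output file. A title may still contain ";", so consumers of that
-- file should split on the first ";" only.
--
-- @param host host table supplied by NSE (host.ip is used in the report line)
-- @param port port table supplied by NSE
-- @return an output table and the display string when a title is reported;
--   a redirect table and message when the final response is still a 30x;
--   nothing when there is no body or the title does not match customtitle
action = function(host, port)
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".url") or "/"
  local resp = http.get(host, port, path)
  local outputFile = stdnse.get_script_args(SCRIPT_NAME .. ".output")
  local customtitle = stdnse.get_script_args(SCRIPT_NAME .. ".customtitle")

  -- check for a redirect
  if resp.location then
    local redirect_url = resp.location[#resp.location]
    if resp.status and tostring(resp.status):match("30%d") then
      return { redirect_url = redirect_url }, ("Did not follow redirect to %s"):format(redirect_url)
    end
  end

  if not resp.body then
    return
  end

  -- try and match title tags
  local title = string.match(resp.body, "<[Tt][Ii][Tt][Ll][Ee][^>]*>([^<]*)</[Tt][Ii][Tt][Ll][Ee]>")
  local display_title = title
  if display_title and display_title ~= "" then
    display_title = string.gsub(display_title, "[\n\r\t]", "")
    if #display_title > 65 then
      display_title = string.sub(display_title, 1, 62) .. "..."
    end
  else
    display_title = "Site doesn't have a title"
    if resp.header and resp.header["content-type"] then
      display_title = display_title .. (" (%s)."):format(resp.header["content-type"])
    else
      display_title = display_title .. "."
    end
  end

  -- customtitle is a Lua pattern supplied by the operator. pcall keeps a
  -- malformed pattern from aborting the script; it then counts as "no match".
  if customtitle then
    local ok, hit = pcall(string.match, display_title, customtitle)
    if not ok then
      stdnse.debug1("invalid customtitle pattern: %s", tostring(hit))
    end
    if not ok or hit == nil then
      -- Nothing to report and, unlike before, nothing to write either: the
      -- old code passed nil to file:write here and raised an error.
      return
    end
  end

  if outputFile then
    -- Strip control characters (escape sequences included) so that a hostile
    -- title cannot inject terminal sequences or extra lines into the report.
    local report_line = (string.gsub(host.ip .. ";" .. display_title, "%c", ""))
    local file, err = io.open(outputFile, "a")
    if file then
      file:write(report_line, "\n")
      file:close()
    else
      stdnse.debug1("cannot open output file: %s", tostring(err))
    end
  end

  -- The output table is returned without any fields, as in the original.
  return stdnse.output_table(), display_title
end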