local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" description = [[ Stores the results of an HTTP(S) scan on a HTML page with JQuery. Shows IP, header, realm and tries to identify if target is a router, camera or common web server. Almacena los resultados de un barrido HTTP(S) en una página web con Frames y JQuery. Muestra las direcciones IP, un mirror del contenido html, el contenido de la cabecera www-authenticate. De acuerdo al header server o al contenido de la página que obtiene muestra si es un router, cámara o firewall. $ git clone https://github.com/hkm/nmap-nse-scripts.git ]] author = {'Pedro Joaquin pjoaquin()websec.mx'} license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"discovery"} portrule = shortport.port_or_service({80, 443}, {"http", "https"}) local function categoria(server) local modemlist = {'Router', 'Modem','RomPager', 'DSL', 'Mbedthis','Mathopd','GoAhead','IOS','httpd','siyou server','lighttpd','login.lp','ADTRAN','Technicolor','url_filter_hint.asp','RouterOS'} for i=1, #modemlist do if string.find(server, modemlist[i]) then return "Router" end end local camlist = {'dcs-lig-httpd', 'Camera', 'Avtech', 'Hikvision', 'iCanWebServer', 'Boa', 'AV-TECH','Cross Web Server','DCS-','netcam'} for i=1, #camlist do if string.find(server, camlist[i]) then return "Camera" end end local serverlist = {'Apache', 'IIS'} for i=1, #serverlist do if string.find(server, serverlist[i]) then return "Server" end end return "Unknown" end local function siexiste(var1) if var1 == nil then return "" else return var1 end end local function savefile(name, content, mode) local file, err = io.open(name, mode) if ( file ) then file:write(content) file:close() else return "\n ERROR: " .. file end end savefile('httpframe_log.html', 'httpframe.nse v0.5', 'w') savefile("httpframe_log/menu.htm", '','w') savefile("httpframe_log/menu.htm", ''.. ''.. ''.. ''.. '', 'a+') savefile("httpframe_log/menu.htm", '','a+') action = function(host, port) local query = http.get(host.ip, port, "/") local serverstring = " " if query.header['server'] ~= nil then serverstring = query.header['server'] end if query.header['www-authenticate'] ~= nil then serverstring = serverstring .. query.header['www-authenticate'] end if query.body ~= nil then savefile("httpframe_log/" .. host.ip .. ".html", query.body, 'w') end if query.status == 302 then serverstring = serverstring .. query.header['location'] savefile("httpframe_log/" .. host.ip .. ".html", "Location: "..query.header['location'], 'w') end if query.body ~= nil then if string.find(query.body, ".location") then serverstring=serverstring..query.body query.body="" savefile("httpframe_log/" .. host.ip .. ".html", query.body, 'w') end end if port.service == "https" then savefile("httpframe_log/menu.htm", '', 'a+') else savefile("httpframe_log/menu.htm", '', 'a+') end savefile("httpframe_log/menu.htm", '', 'a+') savefile("httpframe_log/menu.htm", '', 'a+') savefile("httpframe_log/menu.htm", '', 'a+') savefile("httpframe_log/menu.htm", '', 'a+') savefile("httpframe_log/menu.htm", '', 'a+') savefile("httpframe_log/menu.htm", '', 'a+') return "Information added to httpframe_log.html " end
IPmirrorstatussizedeviceserverwww-authenticate header
'.. port.service ..'://' .. host.ip ..':' .. port.number ..'
http://' .. host.ip ..':' .. port.number ..'[mirror]['.. siexiste(query.status) ..'] '.. string.len(siexiste(query.body)) ..' B'.. siexiste(categoria(serverstring)) ..'  '.. siexiste(query.header['server']) ..'  '.. siexiste(query.header['www-authenticate']) ..'