merge nmap scripts

nmap/http-favicon-url.nse

@@ -1,158 +0,0 @@
-local datafiles = require "datafiles"
-local http = require "http"
-local nmap = require "nmap"
-local shortport = require "shortport"
-local stdnse = require "stdnse"
-local string = require "string"
-local url = require "url"
-
-description = [[
-Gets the favicon url ("favorites icon").
-
-If the script argument <code>favicon.uri</code> is given, that relative URI is
-always used to find the favicon. Otherwise, first the page at the root of the
-web server is retrieved and parsed for a <code><link rel="icon"></code>
-element. If that fails, the icon is looked for in <code>/favicon.ico</code>. If
-a <code><link></code> favicon points to a different host or port, it is ignored.
-]]
-
----
--- @args favicon.uri URI that will be requested for favicon.
--- @args favicon.root Web server path to search for favicon.
---
--- @usage
--- nmap --script=http-favicon-url.nse \
---    --script-args favicon.root=<root>,favicon.uri=<uri>
--- @output
--- |_ http-favicon: http://hostname:80/favicon.ico
-
--- HTTP default favicon enumeration script
--- rev 1.2 (2009-03-11)
--- Original NASL script by Javier Fernandez-Sanguino Pena
-
-
-author = "Vlatko Kosturjak"
-
-license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-
-categories = {"default", "discovery", "safe"}
-
-
-portrule = shortport.http
-
-action = function(host, port)
-  local answer
-  local match
-  local status
-  local index, icon
-  local root = ""
-  local url
-  local hostname = host.targetname or (host.name ~= "" and host.name) or host.ip
-
-  if(stdnse.get_script_args('favicon.root')) then
-    root = stdnse.get_script_args('favicon.root')
-  end
-  local favicon_uri = stdnse.get_script_args("favicon.uri")
-  if(favicon_uri) then
-    -- If we got a script arg URI, always use that.
-    answer = http.get( host, port, root .. "/" .. favicon_uri)
-    stdnse.debug4("Using URI %s", favicon_uri)
-    url = favicon_uri
-  else
-    -- Otherwise, first try parsing the home page.
-    index = http.get( host, port, root .. "/" )
-    if index.status == 200 or index.status == 503 then
-      -- find the favicon pattern
-      icon = parseIcon( index.body )
-      -- if we find a pattern
-      if icon then
-        stdnse.debug1("Got icon URL %s.", icon)
-        local icon_host, icon_port, icon_path = parse_url_relative(icon, hostname, port.number, root)
-        if (icon_host == host.ip or
-          icon_host == host.targetname or
-          icon_host == (host.name ~= '' and host.name)) and
-          icon_port == port.number then
-          -- request the favicon
-          answer = http.get( icon_host, icon_port, icon_path )
-          url = port.service.."://"..hostname..":"..port.number.."/"..root.."/"..icon_path
-        else
-          answer = nil
-        end
-      else
-        answer = nil
-      end
-    end
-
-    -- If that didn't work, try /favicon.ico.
-    if not answer or answer.status ~= 200 then
-      answer = http.get( host, port, root .. "/favicon.ico" )
-      url = port.service.."://"..hostname..":"..port.number.."/"..root.."favicon.ico"
-      stdnse.debug4("Using default URI.")
-    end
-  end
-
-  --- check for 200 response code
-  if answer and answer.status == 200 then
-    return url
-  else
-    stdnse.debug1("No favicon found.")
-    return
-  end --- status == 200
-  return
-end
-
-local function dirname(path)
-  local dir
-  dir = string.match(path, "^(.*)/")
-  return dir or ""
-end
-
--- Return a URL's host, port, and path, filling in the results with the given
--- host, port, and path if the URL is relative. Return nil if the scheme is not
--- "http" or "https".
-function parse_url_relative(u, host, port, path)
-  local scheme, abspath
-  u = url.parse(u)
-  scheme = u.scheme or "http"
-  if not (scheme == "http" or scheme == "https") then
-    return nil
-  end
-  abspath = u.path or ""
-  if not string.find(abspath, "^/") then
-    abspath = dirname(path) .. "/" .. abspath
-  end
-  return u.host or host, u.port or url.get_default_port(scheme), abspath
-end
-
-function parseIcon( body )
-  local _, i, j
-  local rel, href, word
-
-  -- Loop through link elements.
-  i = 0
-  while i do
-    _, i = string.find(body, "<%s*[Ll][Ii][Nn][Kk]%s", i + 1)
-    if not i then
-      return nil
-    end
-    -- Loop through attributes.
-    j = i
-    while true do
-      local name, quote, value
-      _, j, name, quote, value = string.find(body, "^%s*(%w+)%s*=%s*([\"'])(.-)%2", j + 1)
-      if not j then
-        break
-      end
-      if string.lower(name) == "rel" then
-        rel = value
-      elseif string.lower(name) == "href" then
-        href = value
-      end
-    end
-    for word in string.gmatch(rel or "", "%S+") do
-      if string.lower(word) == "icon" then
-        return href
-      end
-    end
-  end
-end

nmap/http-get.nse

@@ -10,15 +10,8 @@ Get and return a page info
 -- @usage nmap -p80 --script http-get.nse --script-args http-get.path=/ <target>
 --
 -- @output
--- body:<html>...</html>
 -- status: 200
 -- status-line: HTTP/1.1 200 OK\x0D
--- header: ...
--- rawheader: ...
--- cookies: 
-
--- ssl: false
--- version: 1.1
 ---
 
 categories = {"discovery", "intrusive"}
@@ -36,6 +29,7 @@ action = function(host, port)
   local hostaddress = (host.name ~= '' and host.name) or host.ip
   local path = ""
   local answer
+  local favicon = "/favicon.ico"
 
   if (port.service == "ssl") then
     scheme = "https"
@@ -48,5 +42,52 @@ action = function(host, port)
   end
 
   answer = http.get_url(scheme.."://"..hostaddress..":"..port.number.."/"..path)
-  return {status=answer.status, ["status-line"]=answer["status-line"]}
+
+  if (answer and answer.status == 200) then
+    favicon_relative_uri = parseIcon(answer.body) or "/favicon.ico"
+  end
+  
+  favicon_absolute_uri = scheme.."://"..hostaddress..":"..port.number.."/"..favicon_relative_uri
+  favicon = http.get_url(favicon_absolute_uri)
+
+  if (favicon and favicon.status == 200) then
+    return {status=answer.status, ["status-line"]=answer["status-line"], favicon=favicon_absolute_uri}
+  else
+    return {status=answer.status, ["status-line"]=answer["status-line"]}
+  end
+end
+
+--- function taken from http_favicon.nse by Vlatko Kosturjak
+
+function parseIcon( body )
+  local _, i, j
+  local rel, href, word
+
+  -- Loop through link elements.
+  i = 0
+  while i do
+    _, i = string.find(body, "<%s*[Ll][Ii][Nn][Kk]%s", i + 1)
+    if not i then
+      return nil
+    end
+    -- Loop through attributes.
+    j = i
+    while true do
+      local name, quote, value
+      _, j, name, quote, value = string.find(body, "^%s*(%w+)%s*=%s*([\"'])(.-)%2", j + 1)
+      if not j then
+        break
+      end
+      if string.lower(name) == "rel" then
+        rel = value
+      elseif string.lower(name) == "href" then
+        href = value
+      end
+    end
+    for word in string.gmatch(rel or "", "%S+") do
+      if string.lower(word) == "icon" then
+        return href
+      end
+    end
+  end
 end

scan_all.sh

@@ -5,7 +5,7 @@ DIR="$(dirname -- "$0")"
 mkdir -p "$DIR/scans"
 mkdir -p "$DIR/site"
 
-for conf in confs/*.yaml
+for conf in "$DIR/confs/*.yaml"
 do
     site="$(basename ${conf/.yaml/})"
     php "$DIR/to_xml.php" $conf > "$DIR/site/$site.xml"