nmap script http-get

.gitignore

@@ -1,2 +1,3 @@
-site/
+confs/
 scans/
+site/

README.md

@@ -2,7 +2,7 @@
 
 Scan hosts with nmap and display results in webpage.
 
-* Create a configuration yaml file in site/ subdirectory (see example below).
+* Create a configuration yaml file in confs/ subdirectory (see example below).
 It may be generated by scanning a network with `init.sh`.
 * Scan with `php scan_all.php` (use a cron task!).
 * Open index.php to see results.

http-get.nse

@@ -0,0 +1,42 @@
+local shortport = require "shortport"
+
+description = [[
+Get and return a page info
+]]
+
+---
+-- @args http-get.path Path to get. Default /.
+--
+-- @usage nmap -p80 --script http-get.nse --script-args http-get.path=/ <target>
+--
+-- @output
+-- body:<html>...</html>
+-- status: 200
+-- status-line: HTTP/1.1 200 OK\x0D
+-- header: ...
+-- rawheader: ...
+-- cookies: 
+
+-- ssl: false
+-- version: 1.1
+---
+
+categories = {"discovery", "intrusive"}
+author = "Adrien Malingrey"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+portrule = shortport.http
+
+
+local http = require "http"
+local stdnse = require "stdnse"
+
+action = function(host, port)
+  local path = ""
+
+  if(stdnse.get_script_args('http-get.path')) then
+    path = "/" .. stdnse.get_script_args('http-get.path')
+  end
+
+  return http.get( host, port, "/" .. path )
+end

http-status.nse

@@ -1,25 +0,0 @@
-local shortport = require "shortport"
-
-description = [[
-Get root page and return status code
-]]
-
----
--- @usage nmap -p80 --script http-status.nse <target>
---
--- @output
--- 404
----
-
-categories = {"discovery", "intrusive"}
-author = "Adrien Malingrey"
-license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-
-portrule = shortport.http
-
-
-local http = require "http"
-
-action = function(host, port)
-  return http.get( host, port, "/" ).status
-end

init.sh

@@ -11,4 +11,4 @@ read site
 echo "Adresse réseau CIDR (xxx.xxx.xxx.xxx/xx) ?"
 read network
 nmap --script smb-enum-shares.nse -oX "scans/$site.xml" $network
-xsltproc --stringparam site "$site" --stringparam network $network toyaml.xsl "scans/$site.xml" > "site/$site.yaml"
+xsltproc --stringparam site "$site" --stringparam network $network toyaml.xsl "scans/$site.xml" > "confs/$site.yaml"

results.xsl

@@ -134,7 +134,7 @@
                     <a class="ui primary mini button" href="{$scannedPort/service/@name}://{$scannedHostAddress}:{$scannedPort/@portid}">
                         <xsl:attribute name="class">
                             <xsl:choose>
-                                <xsl:when test="$scannedPort/script[@id='http-status']>=400">ui red mini button</xsl:when>
+                                <xsl:when test="$scannedPort/script[@id='http-get']/elem[@key='status']>=400">ui red mini button</xsl:when>
                                 <xsl:otherwise>ui primary mini button</xsl:otherwise>
                             </xsl:choose>
                         </xsl:attribute>

scan_all.php

@@ -8,11 +8,12 @@ if (! function_exists('str_ends_with')) {
 }
 
 if (!file_exists("scans")) mkdir("scans");
+if (!file_exists("site")) mkdir("site");
 
-foreach (scandir("./site/") as $file) {
+foreach (scandir("./confs/") as $file) {
     if (str_ends_with($file, ".yaml")) {
         $site = str_replace(".yaml", "", $file);
-        $yaml = yaml_parse_file("site/$file");
+        $yaml = yaml_parse_file("confs/$file");
 
         $targets = [];
         $services = [];
@@ -46,7 +47,7 @@ foreach (scandir("./site/") as $file) {
         $targets = join(array_keys($targets), " ");
         $services = join(array_keys($services), ",");
 
-        exec("nmap -v -Pn -p $services --script smb-enum-shares.nse,./http-status.nse,./http-favicon-url.nse --script-args=httpspider.maxpagecount=1 -oX 'scans/$site.xml' $targets\n");
+        exec("nmap -v -Pn -p $services --script smb-enum-shares.nse,./http-get.nse,./http-favicon-url.nse --script-args=httpspider.maxpagecount=1 -oX 'scans/$site.xml' $targets\n");
     }
 };