Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nmap HTTP GET request script
description = [[
Issues an arbitrary HTTP GET request
]]
---
-- @usage
-- nmap --script http-get [--script-args http-get.path=/status] -p <port> <host>
-- @args http-get.path The path to request (defaults to /)
-- http-get.match String to match in the HTTP response (incl. headers)
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- | http-get:
-- | GET /status -> 200 OK
-- |_ Matches: Server Status
-- @changelog
-- 2012-04-05 - created by David Wittman <david@wittman.com>
--
author = "David Wittman <david@wittman.com>"
license = "WTFPL"
categories = {"discovery", "safe"}
require("url")
require("http")
require("stdnse")
require("shortport")
portrule = shortport.service ({"http","https"})
action = function(host,port)
local path
local match
local response
local output = {}
path = stdnse.get_script_args('http-get.path') or '/'
match = stdnse.get_script_args('http-get.match')
-- Make HTTP GET request
stdnse.print_debug("%s: %s GET %s",
SCRIPT_NAME,
host.targetname or host.ip,
path)
response = http.get(host, port.number, path)
-- Request failed (not an HTTP server)
if not response.status then
-- Bad response
stdnse.print_debug("%s: %s GET %s - REQUEST FAILED",
SCRIPT_NAME,
host.targetname or host.ip,
path)
-- Exit
return
end
-- Success
if response.status == 200 then
-- Great success
stdnse.print_debug("%s: %s GET %s - 200 OK",
SCRIPT_NAME,
host.targetname or host.ip,
path)
table.insert(output, ("GET %s -> 200 OK"):format(path))
-- Check response for match
if match and http.response_contains(response, match) then
table.insert(output, ("Matches: %s"):format(match))
end
-- Non-200 response status
else
stdnse.print_debug("%s: %s GET %s - %d",
SCRIPT_NAME,
host.targetname or host.ip,
path,
response.status)
table.insert(output, ("GET %s -> %d"):format(path, response.status))
end
return stdnse.format_output(true, output)
end
-- vim: set ft=lua expandtab ts=4 sw=4:
@DavidWittman

This comment has been minimized.

Copy link
Owner Author

commented Apr 6, 2012

Here is an example which checks for publicly accessible Apache mod_status pages:

nmap -p80 --open --script http-get.nse \
--script-args http-get.path=/server-status,http-get.match="Server Status" 127.0.0.1 \
| grep -B6 Matches
@RichardHum

This comment has been minimized.

Copy link

commented Apr 13, 2012

When I run it, I get a
attempt to call field 'format_output' (a nil value)
error. Could you please help me?

@DavidWittman

This comment has been minimized.

Copy link
Owner Author

commented Apr 13, 2012

What version of Nmap are you running? I wrote this on 5.51, so it's likely that the NSE libraries you are using are out of date. Try using a more recent version of Nmap or just replacing /usr/share/nmap/nselib/stdnse.lua with the latest version.

@RichardHum

This comment has been minimized.

Copy link

commented Apr 16, 2012

Thanks for the help. I was running 5.0. I upgraded to 5.51 and it works now.

@deed02392

This comment has been minimized.

Copy link

commented Dec 4, 2018

Bug, you need to local shortport = require() etc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.