This script performs web app fingerprinting using static hashes. The resource argument will contain which file is to be fingerprinted. A database of hashes are kept in nselib/data/staticfile.db. The script reads the hashes as well as the web application associated with it from the database file. The file on the web application is hashed and comp…
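-- Script metadata read by NSE. These fields are intentionally global:
-- NSE looks them up in the script's environment.
description = [[
This script performs web app fingerprinting using static hashes. The resource argument will contain which file is to be fingerprinted. A database of hashes are kept in nselib/data/staticfile.db. The script reads the hashes as well as the web application associated with it from the database file. The file on the web application is hashed and compared to the local hash table obtained from the database file. This method leads to fewer false postives as well as lesser resource utilization than the http-enum script.]]

---
-- @usage
-- nmap --script <path-to-this-script> --script-args resource=<url-path> <target>
--
-- @args resource The file which is to be compared on the web application.

author = "Yashin Mehaboobe"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "safe" fits the visible behaviour: the action issues a single GET for the
-- requested resource and nothing else.
categories = {"discovery", "safe"}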
local http = require "http" | |
local shortport = require "shortport" | |
local datafiles = require "datafiles" | |
local nmap = require "nmap" | |
local stdnse = require "stdnse" | |
stdnse.silent_require "openssl" | |
-- Port selection is delegated to the stock shortport.http rule.
portrule = shortport.http
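--- Fingerprint one static file on the target by its MD5 digest.
--
-- Fetches the path given in the <code>resource</code> script argument,
-- hashes the response body and looks the hex digest up in the local hash
-- database.
--
-- A match only says the served body is byte-identical to a file recorded in
-- the database. A server that answers 200 for missing paths (soft 404) shows
-- up as "Unknown hash", not "File not found".
--
-- @param host Host table passed in by NSE.
-- @param port Port table passed in by NSE.
-- @return A result string, or nil when the database cannot be read or no
--         usable <code>resource</code> argument was supplied.
action = function(host, port)
  -- The file-level silent_require does not bind a name, and require is not
  -- guaranteed to create a global "openssl"; take a local handle instead.
  -- The module is already loaded, so this is a cache lookup.
  local openssl = require "openssl"

  -- NOTE(review): relative path; which copy gets loaded depends on how
  -- datafiles.parse_file resolves it. Confirm it cannot pick up a database
  -- from an untrusted working directory.
  local db_file = "nselib/data/staticfile.db"

  -- Key pattern captures the first token of a line, value pattern the rest.
  -- Kept local: the original leaked status/hashlist into the global table.
  local status, hashlist = datafiles.parse_file(db_file,
    {["^%s*([^%s#:]+)[%s:]+"] = "^%s*[^%s#:]+[%s:]+(.*)"})
  if not status then
    stdnse.print_debug(1, "Could not locate database file")
    return
  end

  -- Without this guard a missing argument reaches http.get as a nil path.
  local resource = nmap.registry.args.resource
  if type(resource) ~= "string" or resource == "" then
    stdnse.print_debug(1, "No resource script argument given")
    return
  end

  local response = http.get(host, port, resource)

  local ch_hash, fprint
  if response and response.body and response.status == 200 then
    -- Assumes database keys are lowercase hex, as stdnse.tohex emits;
    -- confirm against staticfile.db.
    ch_hash = stdnse.tohex(openssl.md5(response.body))
    fprint = hashlist[ch_hash]
  end

  if fprint then
    return "Fingerprint matches " .. fprint
  elseif ch_hash then
    return "Unknown hash " .. ch_hash
  else
    return "File not found"
  end
end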