Sp3ctr3/http-staticfile.nse

## http-staticfile.nse
description = [[

This script performs web app fingerprinting using static hashes. The resource argument will contain which file is to be fingerprinted. A database of hashes are kept in nselib/data/staticfile.db. The script reads the hashes as well as the web application associated with it from the database file. The file on the web application is hashed and compared to the local hash table obtained from the database file. This method leads to fewer false postives as well as lesser resource utilization than the http-enum script.]]

--@args resource The file which is to be compared on the web application.

author = "Yashin Mehaboobe"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories={"discovery","safe"}


local http = require "http"

local shortport = require "shortport"

local datafiles = require "datafiles"

local nmap = require "nmap"

local stdnse = require "stdnse"

stdnse.silent_require "openssl"


portrule = shortport.http

action = function(host,port)

  local ch_hash

	local fprint

	local db_file ="nselib/data/staticfile.db"
	status, hashlist = datafiles.parse_file( db_file, {["^%s*([^%s#:]+)[%s:]+"] = "^%s*[^%s#:]+[%s:]+(.*)"})
	if not status then
	        stdnse.print_debug(1,"Could not locate database file")
	        return
	end
			local hsh = nmap.registry.args.resource

		response=http.get(host,port,hsh)

		if response.body and response.status == 200 then

			while ch_hash == nil do

				ch_hash=stdnse.tohex(openssl.md5(response.body))

				fprint=hashlist[ch_hash]

			end

		end

	if fprint then

		return "Fingerprint matches " .. fprint

	elseif ch_hash then

		return "Unknown hash " .. ch_hash

	else

		return "File not found"

	end

end
	description = [[

	This script performs web app fingerprinting using static hashes. The resource argument will contain which file is to be fingerprinted. A database of hashes are kept in nselib/data/staticfile.db. The script reads the hashes as well as the web application associated with it from the database file. The file on the web application is hashed and compared to the local hash table obtained from the database file. This method leads to fewer false postives as well as lesser resource utilization than the http-enum script.]]

	--@args resource The file which is to be compared on the web application.

	author = "Yashin Mehaboobe"

	license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

	categories={"discovery","safe"}



	local http = require "http"

	local shortport = require "shortport"

	local datafiles = require "datafiles"

	local nmap = require "nmap"

	local stdnse = require "stdnse"

	stdnse.silent_require "openssl"



	portrule = shortport.http

	action = function(host,port)

	local ch_hash

	local fprint

	local db_file ="nselib/data/staticfile.db"
	status, hashlist = datafiles.parse_file( db_file, {["^%s([^%s#:]+)[%s:]+"] = "^%s[^%s#:]+[%s:]+(.*)"})
	if not status then
	stdnse.print_debug(1,"Could not locate database file")
	return
	end
	local hsh = nmap.registry.args.resource

	response=http.get(host,port,hsh)

	if response.body and response.status == 200 then

	while ch_hash == nil do

	ch_hash=stdnse.tohex(openssl.md5(response.body))

	fprint=hashlist[ch_hash]

	end

	end

	if fprint then

	return "Fingerprint matches " .. fprint

	elseif ch_hash then

	return "Unknown hash " .. ch_hash

	else

	return "File not found"

	end

	end