Create a gist now

Instantly share code, notes, and snippets.

This script performs web app fingerprinting using static hashes. The resource argument will contain which file is to be fingerprinted. A database of hashes are kept in nselib/data/staticfile.db. The script reads the hashes as well as the web application associated with it from the database file. The file on the web application is hashed and comp…
description = [[
This script performs web app fingerprinting using static hashes. The resource argument will contain which file is to be fingerprinted. A database of hashes are kept in nselib/data/staticfile.db. The script reads the hashes as well as the web application associated with it from the database file. The file on the web application is hashed and compared to the local hash table obtained from the database file. This method leads to fewer false postives as well as lesser resource utilization than the http-enum script.]]
--@args resource The file which is to be compared on the web application.
author = "Yashin Mehaboobe"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories={"discovery","safe"}
local http = require "http"
local shortport = require "shortport"
local datafiles = require "datafiles"
local nmap = require "nmap"
local stdnse = require "stdnse"
stdnse.silent_require "openssl"
portrule = shortport.http
action = function(host,port)
local ch_hash
local fprint
local db_file ="nselib/data/staticfile.db"
status, hashlist = datafiles.parse_file( db_file, {["^%s*([^%s#:]+)[%s:]+"] = "^%s*[^%s#:]+[%s:]+(.*)"})
if not status then
stdnse.print_debug(1,"Could not locate database file")
return
end
local hsh = nmap.registry.args.resource
response=http.get(host,port,hsh)
if response.body and response.status == 200 then
while ch_hash == nil do
ch_hash=stdnse.tohex(openssl.md5(response.body))
fprint=hashlist[ch_hash]
end
end
if fprint then
return "Fingerprint matches " .. fprint
elseif ch_hash then
return "Unknown hash " .. ch_hash
else
return "File not found"
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment