
/usr/share/nmap/scripts/http-trace.nse is in nmap 5.21-1.1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

-- TRACE asks the server to echo back the request it received. Header fields
-- that show up only in the echoed copy were therefore added somewhere between
-- the scanner and the server (typically by a proxy or load balancer), which is
-- what this script reports.
description = [[
Sends an HTTP TRACE request and shows header fields that were modified in the
response.
]]

---
-- @output
-- 80/tcp open  http
-- |  http-trace: Response differs from request.  First 5 additional lines:
-- |  Cookie: UID=d4287aa38d02f409841b4e0c0050c131...
-- |  Country: us
-- |  Ip_is_advertise_combined: yes
-- |  Ip_conntype-Confidence: -1
-- |_ Ip_line_speed: medium

-- 08/31/2007

author = "Kris Katterjohn"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-- "discovery": the script learns more about the target. "safe": it is not
-- meant to crash services, use large amounts of bandwidth, or exploit
-- anything; the only traffic it generates is the single TRACE request built
-- in action.
categories = {"discovery", "safe"}

require "comm"
require "shortport"
require "stdnse"

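--- Formats up to the first 5 elements of a table, one element per line.
-- The caller in this file passes header lines split out of a remote server's
-- TRACE response, so the elements are untrusted text and are joined as-is.
--@param tab The sequence to truncate.
--@return A string holding at most 5 elements, each followed by "\n", or the
-- empty string when the table has no elements.
local truncate = function(tab)
	-- Clamp to the real length: indexing past the end yields nil, and
	-- concatenating nil raises a runtime error.
	local count = math.min(#tab, 5)
	if count == 0 then
		return ""
	end
	return table.concat(tab, "\n", 1, count) .. "\n"
end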

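--- Validates the HTTP response and checks for modifications.
-- The response is only considered when it carries a 200 status line and
-- contains the TRACE request line; its body (everything after the first blank
-- line) is then compared with the request that was sent.
--@param response The HTTP response from the server. This is untrusted,
-- server-controlled data.
--@param original The original HTTP request sent to the server.
--@return A string describing the changes between the response and request,
-- or nil when the response is not a usable TRACE echo or the body is
-- identical to the request.
local validate = function(response, original)
	-- Anchor the status line and escape the dot so that only a real
	-- "HTTP/1.0 200" or "HTTP/1.1 200" at the start of the reply qualifies.
	-- The request line is searched in plain mode so "." is not a wildcard.
	if not response:match("^HTTP/1%.[01] 200") or
	   not response:find("TRACE / HTTP/1.0", 1, true) then
		return
	end

	-- A truncated or malformed reply may have no header/body separator.
	-- Without this check, stop would be nil and "stop + 1" would raise an error.
	local _, stop = response:find("\r\n\r\n", 1, true)
	if not stop then
		return
	end

	local body = response:sub(stop + 1)

	-- An exact echo means nothing on the path touched the request.
	if original == body then
		return
	end

	-- NOTE(review): body and extra are server-controlled and are returned
	-- unmodified; the two untruncated branches below are also uncapped in
	-- size. Confirm that the reporting layer escapes control characters.
	local output =  "Response differs from request.  "

	if body:match("^TRACE / HTTP/1.0\r\n") then
		local extra = body:sub(19) -- skip TRACE line

		-- Skip extra newline at the end (making sure it's there)
		extra = extra:gsub("\r\n\r\n$", "\r\n")

		local tab = stdnse.strsplit("\r\n", extra)

		if #tab > 5 then
			output = output .. "First 5 additional lines:\n"
			return output .. truncate(tab)
		end

		output = output .. "Additional lines:\n"
		return output .. extra .. "\n"
	end

	-- This shouldn't happen: the body does not start with the request line.

	output = output .. "Full response:\n"
	return output .. body .. "\n"
end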

-- Run against the usual web ports, or any port whose service was identified
-- as http or https.
do
	local web_ports = {80, 8080, 443}
	local web_services = {"http", "https"}
	portrule = shortport.port_or_service(web_ports, web_services)
end

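--- Sends a bare TRACE request and reports how the echoed body differs from it.
--@param host Host table supplied by the script engine.
--@param port Port table supplied by the script engine.
--@return The string produced by validate, or nil when the connection fails,
-- no response text was received, or validate has nothing to report.
action = function(host, port)
	local cmd = "TRACE / HTTP/1.0\r\n\r\n"

	local sd, response = comm.tryssl(host, port, cmd, false)
	if not sd then
		stdnse.print_debug("Unable to open connection")
		return
	end

	-- Only the first reply is needed, so release the socket now rather
	-- than leaving it open until the script thread is torn down.
	sd:close()

	-- validate calls string methods on the response; skip it when nothing
	-- textual came back.
	if type(response) ~= "string" then
		return
	end

	return validate(response, cmd)
end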