File http-grep

脚本使用类型: portrule
脚本所属分类: discovery, safe
脚本下载地址: http://nmap.org/svn/scripts/http-grep.nse

User Summary

Spiders a website and attempts to match all pages and urls against a given string. Matches are counted and grouped per url under which they were discovered.

Script Arguments

http-grep.maxdepth

the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)

http-grep.withinhost

only spider URLs within the same host. (default: true)

http-grep.withindomain

only spider URLs within the same domain. This widens the scope from withinhost and can not be used in combination. (default: false)

http-grep.match

the string to match in urls and page contents

http-grep.maxpagecount

the maximum amount of pages to visit. A negative value disables the limit (default: 20)

http-grep.url

the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /)

httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

Example Usage

执行格式

nmap -p 80 www.example.com --script http-grep --script-args='http-grep.match="[A-Za-z0-9%.%%%+%-]+@[A-Za-z0-9%.%%%+%-]+%.%w%w%w?%w?",http-grep.breakonmatch'

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-grep: 
|   (4) http://example.com/name/
|     + name@example.com
|     + name@example.com
|     + name@example.com
|     + name@example.com
|   (4) http://example.com/sales.html
|     + sales@example.com
|     + sales@example.com
|     + sales@example.com
|__   + sales@example.com

Requires

• httpspider
• shortport
• stdnse
• table

Author: Patrik Karlsson

License: VER007 整理 http://www.ver007.com