File http-traceroute

脚本使用类型: portrule
脚本所属分类: discovery, safe
脚本下载地址: http://nmap.org/svn/scripts/http-traceroute.nse

User Summary

Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies.

The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and Content-Length HTTP headers and body values such as the html title.

Based on the work of:

• Nicolas Gregoire (nicolas.gregoire@agarri.fr)
• Julien Cayssol (tools@aqwz.com)

For more information, see: * http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html

Script Arguments

http-traceroute.path

The path to send requests to. Defaults to /.

http-traceroute.method

HTTP request method to use. Defaults to GET. among other values, TRACE is probably the most interesting.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

Example Usage

执行格式

nmap --script=http-traceroute <targets>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-traceroute: 
|   HTML title
|     Hop #1: Twitter / Over capacity
|     Hop #2: t.co / Twitter
|     Hop #3: t.co / Twitter
|   Status Code
|     Hop #1: 502
|     Hop #2: 200
|     Hop #3: 200
|   server
|     Hop #1: Apache
|     Hop #2: hi
|     Hop #3: hi
|   content-type
|     Hop #1: text/html; charset=UTF-8
|     Hop #2: text/html; charset=utf-8
|     Hop #3: text/html; charset=utf-8
|   content-length
|     Hop #1: 4833
|     Hop #2: 3280
|     Hop #3: 3280
|   last-modified
|     Hop #1: Thu, 05 Apr 2012 00:19:40 GMT
|     Hop #2
|_    Hop #3

Requires

• http
• nmap
• pcre
• shortport
• stdnse
• table

Author: Hani Benhabiles

License: VER007 整理 http://www.ver007.com