Below is a basic NSE (Nmap Scripting Engine) script example written in Lua. It contains the most basic parts that an NSE script needs: the library requires, the description, author, license and categories fields, a portrule and an action.
When run as part of an Nmap scan, the script fires against any target port that Nmap finds open on 80 or 443, or on any other open port whose service Nmap identifies as http or https.
The script sends a GET request for / to the target, loops over the header key/value pairs in the response and prints them, one per line, sorted alphabetically.
Even though the script is written in Lua and Nmap will accept the .lua extension, stick with the .nse extension for NSE scripts.
File: http-headers-get.nse
Tamper with it, modify it or make your own version. The purpose of this script is just to get you started if you have not written NSE scripts before. Nmap already ships similar scripts (http-headers does the same job), so this one has no real-world use beyond being a simple example.
Lua is not that hard to learn if you have some programming experience already. Not that I am an expert.
Visit https://nmap.org/ for more information, and remember that every NSE script that ships with Nmap can be studied for inspiration.
Code:
-- Nmap libraries
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"

-- Mandatory description, author, license and categories
description = [[
Lua Nmap header grabber. This is a fully functional sample service script:
it fetches / from every web port and lists the response headers.
]]

author = "Resheph"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Run on port 80 or 443, or on any other open tcp port whose service
-- was identified as http or https. Protocol and port state are separate
-- arguments to port_or_service, not one table.
portrule = shortport.port_or_service({80, 443}, {"http", "https"}, "tcp", "open")

-- Called by the Nmap Scripting Engine once per matching port.
-- The host and port tables come from NSE.
action = function(host, port)
  local output = {}   -- One "NAME: value" line per header

  -- Do the request and keep the reply in response
  local response = http.get(host, port, "/")

  -- response.status is nil when no HTTP reply came back at all
  if response.status and response.status ~= 404 then
    -- response.header is keyed by the lower-cased header name
    for k, v in pairs(response.header) do
      -- Put each key/value pair in the output; the key is upper-cased
      table.insert(output, k:upper() .. ": " .. v)
    end
    table.sort(output)  -- Sort the output
    return stdnse.format_output(true, output)  -- Hand the output to NSE
  else
    -- Something went wrong: report the status line, or a generic message
    -- when there was no response at all
    return response["status-line"] or "no HTTP response"
  end
end
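As an added example (not from the original post), here is a variant of the script above that goes one step further: it takes the request path from a script argument, does not follow redirects, returns a structured output table so the result also appears in Nmap's XML output, and flags a handful of common security response headers that the server did not send. The list of expected headers, the file name http-headers-check.nse and therefore the argument name http-headers-check.path are assumptions made for this example.

```lua
-- Added example, not part of the original post: an extended header
-- grabber that reports headers and flags missing security headers.
-- Assumed file name: http-headers-check.nse
local http      = require "http"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local string    = require "string"
local table     = require "table"

description = [[
Fetches one page and reports its response headers, plus a list of
common security headers that the server did not send.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- shortport.http matches 80, 443 and any port fingerprinted as http/https.
portrule = shortport.http

-- Headers a reviewer usually expects on a web application.
-- This list is an assumption for the example; adjust it to your policy.
local EXPECTED = {
  "strict-transport-security",
  "content-security-policy",
  "x-content-type-options",
  "x-frame-options",
}

action = function(host, port)
  -- SCRIPT_NAME is set by NSE to the file name without .nse, so the
  -- argument is --script-args http-headers-check.path=/foo (default "/").
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"

  -- Do not follow redirects: we want the headers of the page we asked for,
  -- not those of wherever the server sends us.
  local response = http.get(host, port, path, { redirect_ok = false })

  if not response or not response.status then
    return "request failed: " ..
      (response and response["status-line"] or "no response")
  end

  -- output_table keeps insertion order in the text and XML output
  local out = stdnse.output_table()
  out.path = path
  out.status = response.status

  -- response.header is keyed by the lower-cased header name
  local headers = {}
  for name, value in pairs(response.header) do
    table.insert(headers, string.format("%s: %s", name:upper(), value))
  end
  table.sort(headers)
  out.headers = headers

  -- Flag expected security headers that are absent from the response
  local missing = {}
  for _, name in ipairs(EXPECTED) do
    if response.header[name] == nil then
      table.insert(missing, name)
    end
  end
  if #missing > 0 then
    out.missing_security_headers = missing
  end

  return out
end
```

Point Nmap at the file directly to try it: nmap -p 80,443 --script ./http-headers-check.nse --script-args http-headers-check.path=/login <target>. Because the argument prefix is derived from SCRIPT_NAME, renaming the file changes the argument name as well, so keep the two in step when you adapt this.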