Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

File http-grep

Script types: portrule
Categories: discovery, safe
Download: http://nmap.org/svn/scripts/http-grep.nse

User Summary

Spiders a website and attempts to match all pages and urls against a given string. Matches are counted and grouped per url under which they were discovered.

Features built in patterns like email, ip, ssn, discover, amex and more. The script searches for email and ip by default.

Script Arguments

http.breakonmatch

Returns output if there is a match for a single pattern type.

http-grep.builtins

supply a single or a list of built in types. supports email, phone, mastercard, discover, visa, amex, ssn and ip addresses. If you just put in script-args http-grep.builtins then all will be enabled.

http-grep.maxdepth

the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3)

http-grep.withinhost

only spider URLs within the same host. (default: true)

http-grep.withindomain

only spider URLs within the same domain. This widens the scope from withinhost and can not be used in combination. (default: false)

http-grep.match

the string to match in urls and page contents or list of patterns separated by delimiter

http-grep.maxpagecount

the maximum amount of pages to visit. A negative value disables the limit (default: 20)

http-grep.url

the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /)

httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 80 www.example.com --script http-grep --script-args='match="[A-Za-z0-9%.%%%+%-]+@[A-Za-z0-9%.%%%+%-]+%.%w%w%w?%w?",breakonmatch'
nmap -p 80 www.example.com --script http-grep --script-args 'http-grep.builtins ={"mastercard", "discover"}, http-grep.url="example.html"'

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-grep: 
|   (1) http://nmap.org/book/man-bugs.html: 
|     (1) email: 
|       + dev@nmap.org
|   (1) http://nmap.org/book/install.html: 
|     (1) email: 
|       + fyodor@nmap.org
|   (16) http://nmap.org/changelog.html: 
|     (7) ip: 
|       + 255.255.255.255
|       + 10.99.24.140
|       + 74.125.53.103
|       + 64.147.188.3
|       + 203.65.42.255
|       + 192.31.33.7
|       + 168.0.40.135
|     (9) email: 
|       + d1n@inbox.com
|       + fyodor@insecure.org
|       + uce@ftc.gov
|       + rhundt@fcc.gov
|       + jquello@fcc.gov
|       + sness@fcc.gov
|       + president@whitehouse.gov
|       + haesslich@loyalty.org
|       + rchong@fcc.gov
|   (6) http://nmap.org/5/#5changes: 
|     (6) ip: 
|       + 207.68.200.30
|       + 64.13.134.52
|       + 4.68.105.6
|       + 209.245.176.2
|       + 69.63.179.23
|_      + 69.63.180.12

Requires


License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]