Script http-grep
Script types:
portrule
Categories:
discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-grep.nse
Script Summary
Spiders a website and attempts to match all pages and URLs against a given string. Matches are counted and grouped per URL under which they were discovered.
Features built-in patterns such as email, ip, ssn, discover, amex and more. By default the script searches for email and ip.
Script Arguments
- http-grep.breakonmatch
Returns output if there is a match for a single pattern type.
- http-grep.builtins
Supply a single built-in type or a list of them. Supported types are email, phone, mastercard, discover, visa, amex, ssn and ip addresses. If you just put http-grep.builtins in script-args, then all will be enabled.
- http-grep.maxdepth
the maximum number of directories beneath the initial URL to spider. A negative value disables the limit. (default: 3)
- http-grep.withinhost
only spider URLs within the same host. (default: true)
- http-grep.withindomain
only spider URLs within the same domain. This widens the scope from withinhost and cannot be used in combination with it. (default: false)
- http-grep.match
the string to match in URLs and page contents, or a list of patterns separated by a delimiter
- http-grep.maxpagecount
the maximum number of pages to visit. A negative value disables the limit. (default: 20)
- http-grep.url
the URL to start spidering. This is a URL relative to the scanned host, e.g. /default.html (default: /)
- slaxml.debug
See the documentation for the slaxml library.
- httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost
See the documentation for the httpspider library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
Example Usage
nmap -p 80 www.example.com --script http-grep --script-args='match="[A-Za-z0-9%.%%%+%-]+@[A-Za-z0-9%.%%%+%-]+%.%w%w%w?%w?",breakonmatch'
nmap -p 80 www.example.com --script http-grep --script-args 'http-grep.builtins ={"mastercard", "discover"}, http-grep.url="example.html"'
Script Output
| http-grep:
|   (1) https://nmap.org/book/man-bugs.html:
|     (1) email:
|       + dev@nmap.org
|   (1) https://nmap.org/book/install.html:
|     (1) email:
|       + fyodor@nmap.org
|   (16) https://nmap.org/changelog.html:
|     (7) ip:
|       + 255.255.255.255
|       + 10.99.24.140
|       + 74.125.53.103
|       + 64.147.188.3
|       + 203.65.42.255
|       + 192.31.33.7
|       + 168.0.40.135
|     (9) email:
|       + d1n@inbox.com
|       + fyodor@insecure.org
|       + uce@ftc.gov
|       + rhundt@fcc.gov
|       + jquello@fcc.gov
|       + sness@fcc.gov
|       + president@whitehouse.gov
|       + haesslich@loyalty.org
|       + rchong@fcc.gov
|   (6) https://nmap.org/5/#5changes:
|     (6) ip:
|       + 207.68.200.30
|       + 64.13.134.52
|       + 4.68.105.6
|       + 209.245.176.2
|       + 69.63.179.23
|_      + 69.63.180.12
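When reviewing your own site for exposed data, the grouped output can be parsed for triage. The Python below is an added example, not part of Nmap or of this script: it reads the text layout shown under Script Output, checks the declared counts against the parsed lines, and lists pages with sensitive pattern types. The names parse_http_grep and pages_exposing are hypothetical, the sample is constructed, and it assumes groups are labelled with the builtin names.

```python
import re

# Constructed sample in the layout shown under "Script Output".
SAMPLE = """\
| http-grep:
|   (3) https://www.example.com/contact.html:
|     (2) email:
|       + alice@example.com
|       + bob@example.com
|     (1) ip:
|       + 192.0.2.10
|   (1) https://www.example.com/staff.html:
|     (1) ssn:
|_      + 000-00-0000
"""

HEADER = re.compile(r"^\((\d+)\) (.+):$")
# Assumption: groups are labelled with the builtin names, as "email" and "ip" are.
SENSITIVE = {"ssn", "mastercard", "discover", "visa", "amex"}

def parse_http_grep(text):
    """Return ({url: {type: [matches]}}, [(url, type, declared, parsed)])."""
    findings, declared = {}, {}
    url = ptype = None
    for raw in text.splitlines():
        line = re.sub(r"^\|_?\s*", "", raw).strip()
        m = HEADER.match(line)
        if m and "://" in m.group(2):      # "(N) <url>:" starts a page
            url, ptype = m.group(2), None
            findings[url] = {}
            declared[(url, None)] = int(m.group(1))
        elif m and url:                    # "(N) <type>:" starts a group
            ptype = m.group(2)
            findings[url][ptype] = []
            declared[(url, ptype)] = int(m.group(1))
        elif line.startswith("+ ") and ptype:
            findings[url][ptype].append(line[2:])
    # A declared count that disagrees with the parsed lines means truncated output.
    mismatches = []
    for (u, t), n in declared.items():
        got = len(findings[u][t]) if t else sum(map(len, findings[u].values()))
        if got != n:
            mismatches.append((u, t, n, got))
    return findings, mismatches

def pages_exposing(findings, types=SENSITIVE):
    """URLs where at least one match belongs to a sensitive pattern type."""
    return sorted(u for u, groups in findings.items() if types & set(groups))

if __name__ == "__main__":
    found, bad = parse_http_grep(SAMPLE)
    print(pages_exposing(found), bad)
```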
Requires
Authors:
License: Same as Nmap--See https://nmap.org/book/man-legal.html