Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-traceroute

Script types: portrule
Categories: discovery, safe
Download: http://nmap.org/svn/scripts/http-traceroute.nse

User Summary

Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies.

The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and Content-Length HTTP headers and body values such as the html title.

Based on the work of:

  • Nicolas Gregoire (nicolas.gregoire@agarri.fr)
  • Julien Cayssol (tools@aqwz.com)

For more information, see: * http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html

Script Arguments

http-traceroute.path

The path to send requests to. Defaults to /.

http-traceroute.method

HTTP request method to use. Defaults to GET. among other values, TRACE is probably the most interesting.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script=http-traceroute <targets>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-traceroute:
|   HTML title
|     Hop #1: Twitter / Over capacity
|     Hop #2: t.co / Twitter
|     Hop #3: t.co / Twitter
|   Status Code
|     Hop #1: 502
|     Hop #2: 200
|     Hop #3: 200
|   server
|     Hop #1: Apache
|     Hop #2: hi
|     Hop #3: hi
|   content-type
|     Hop #1: text/html; charset=UTF-8
|     Hop #2: text/html; charset=utf-8
|     Hop #3: text/html; charset=utf-8
|   content-length
|     Hop #1: 4833
|     Hop #2: 3280
|     Hop #3: 3280
|   last-modified
|     Hop #1: Thu, 05 Apr 2012 00:19:40 GMT
|     Hop #2
|_    Hop #3

Requires


Author: Hani Benhabiles

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]