File http-traceroute
Script types:
portrule
Categories:
discovery, safe
Download: http://nmap.org/svn/scripts/http-traceroute.nse
User Summary
Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies.
The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and Content-Length HTTP headers and body values such as the html title.
Based on the work of:
- Nicolas Gregoire (nicolas.gregoire@agarri.fr)
- Julien Cayssol (tools@aqwz.com)
For more information, see: * http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html
Script Arguments
http-traceroute.path
The path to send requests to. Defaults to /.
http-traceroute.method
HTTP request method to use. Defaults to GET.
among other values, TRACE is probably the most interesting.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap --script=http-traceroute <targets>
Script Output
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-traceroute: | HTML title | Hop #1: Twitter / Over capacity | Hop #2: t.co / Twitter | Hop #3: t.co / Twitter | Status Code | Hop #1: 502 | Hop #2: 200 | Hop #3: 200 | server | Hop #1: Apache | Hop #2: hi | Hop #3: hi | content-type | Hop #1: text/html; charset=UTF-8 | Hop #2: text/html; charset=utf-8 | Hop #3: text/html; charset=utf-8 | content-length | Hop #1: 4833 | Hop #2: 3280 | Hop #3: 3280 | last-modified | Hop #1: Thu, 05 Apr 2012 00:19:40 GMT | Hop #2 |_ Hop #3
Requires
Author: Hani Benhabiles
License: Same as Nmap--See http://nmap.org/book/man-legal.html