Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-traceroute

Script types: portrule
Categories: discovery, safe
Download: http://nmap.org/svn/scripts/http-traceroute.nse

User Summary

Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies.

The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and Content-Length HTTP headers and body values such as the html title.

Based on the work of:

  • Nicolas Gregoire (nicolas.gregoire@agarri.fr)
  • Julien Cayssol (tools@aqwz.com)

For more information, see: * http://www.agarri.fr/kom/archives/2011/11/12/traceroute-like_http_scanner/index.html

Script Arguments

http-traceroute.path

The path to send requests to. Defaults to /.

http-traceroute.method

HTTP request method to use. Defaults to GET. among other values, TRACE is probably the most interesting.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap --script=http-traceroute <targets>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-traceroute:
|   HTML title
|     Hop #1: Twitter / Over capacity
|     Hop #2: t.co / Twitter
|     Hop #3: t.co / Twitter
|   Status Code
|     Hop #1: 502
|     Hop #2: 200
|     Hop #3: 200
|   server
|     Hop #1: Apache
|     Hop #2: hi
|     Hop #3: hi
|   content-type
|     Hop #1: text/html; charset=UTF-8
|     Hop #2: text/html; charset=utf-8
|     Hop #3: text/html; charset=utf-8
|   content-length
|     Hop #1: 4833
|     Hop #2: 3280
|     Hop #3: 3280
|   last-modified
|     Hop #1: Thu, 05 Apr 2012 00:19:40 GMT
|     Hop #2
|_    Hop #3

Requires


Author: Hani Benhabiles

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]