Script http-internal-ip-disclosure

Script types: portrule
Categories: vuln, discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-internal-ip-disclosure.nse

Script Summary

Determines if the web server leaks its internal IP address when sending an HTTP/1.0 request without a Host header.

Some misconfigured web servers leak their internal IP address in the response headers when returning a redirect response. This is a known issue for some versions of Microsoft IIS, but affects other web servers as well.

See also:

• ssl-cert-intaddr.nse

Script Arguments

http-internal-ip-disclosure.path

Path to URI. Default: /

Example Usage

• nmap --script http-internal-ip-disclosure <target>

• nmap --script http-internal-ip-disclosure --script-args http-internal-ip-disclosure.path=/path <target>
  

Script Output

80/tcp open  http    syn-ack
| http-internal-ip-disclosure:
|_  Internal IP Leaked: 10.0.0.2

Requires

• nmap
• shortport
• stdnse
• ipOps

---

Author:

• Josh Amishav-Zlatin

License: Same as Nmap--See https://nmap.org/book/man-legal.html