Script http-comments-displayer
Script types:
portrule
Categories:
discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-comments-displayer.nse
Script Summary
Extracts and outputs HTML and JavaScript comments from HTTP responses.
Script Arguments
- http-comments-displayer.singlepages
Some single pages to check for comments. For example, {"/", "/wiki"}. Default: nil (crawler mode on)
- http-comments-displayer.context
Declares the number of characters by which to extend the final strings. This is useful when we need to see the code that the comments refer to. Default: 0, Maximum Value: 50
- slaxml.debug
See the documentation for the slaxml library.
- httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost
See the documentation for the httpspider library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap -p80 --script http-comments-displayer.nse <host>
This script uses patterns to extract HTML comments from HTTP responses and writes these to the command line.
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-comments-displayer:
|     Path: /
|     Line number: 214
|     Comment:
|         <!-- This needs fixing. -->
|
|     Path: /register.php
|     Line number: 15
|     Comment:
|_        /* We should avoid the hardcoding here */
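The following is an added example, not the script's own code: a Python version of the pattern-based extraction described on this page, which a site owner can run over their own pages to find leftover comments before release. The regular expression, the function names and the sample pages are assumptions constructed for illustration; only the Path / Line number / Comment fields and the context maximum of 50 come from the page.

```python
import re

MAX_CONTEXT = 50  # maximum value the page gives for the context argument

# Assumed patterns (not taken from the NSE script): HTML <!-- --> comments and
# JavaScript /* */ block comments. Pattern matching can also hit comment-like
# text inside string literals, so findings need a manual look.
COMMENT_RE = re.compile(r"<!--.*?-->|/\*.*?\*/", re.DOTALL)

# Constructed sample responses, keyed by path.
SAMPLE_PAGES = {
    "/": "<html>\n<body>\n<!-- This needs fixing. -->\n<p>Hello</p>\n</body>\n</html>\n",
    "/register.php": "<script>\nvar limit = 10; /* We should avoid the hardcoding here */\n</script>\n",
}


def find_comments(path, body, context=0):
    """Return one finding per comment: path, 1-based line number, comment text.

    context extends the reported string by that many characters on each side,
    clamped to the range 0..MAX_CONTEXT.
    """
    context = max(0, min(context, MAX_CONTEXT))
    findings = []
    for match in COMMENT_RE.finditer(body):
        start = max(0, match.start() - context)
        end = min(len(body), match.end() + context)
        findings.append({
            "path": path,
            "line": body.count("\n", 0, match.start()) + 1,
            "comment": body[start:end],
        })
    return findings


def report(pages, context=0):
    """Format findings for all pages with the same fields the script prints."""
    lines = []
    for path, body in pages.items():
        for finding in find_comments(path, body, context):
            lines += [f"Path: {finding['path']}",
                      f"Line number: {finding['line']}",
                      "Comment:",
                      f"    {finding['comment']}",
                      ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_PAGES))
```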
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html