Script http-internal-ip-disclosure

Script types: portrule
Categories: vuln, discovery, safe

Script Summary

Determines whether the web server leaks its internal IP address when it is sent an HTTP/1.0 request without a Host header.

Some misconfigured web servers leak their internal IP address in the response headers when returning a redirect response. This is a known issue for some versions of Microsoft IIS, but affects other web servers as well.
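The check described above can be reproduced offline on a captured response. The following is an added example, not the script's own code: it builds the Host-less HTTP/1.0 request and flags private addresses found in the headers of a redirect response. The function names, the `connected_to` parameter, the choice of RFC 1918 ranges as the meaning of "internal", and the sample responses are assumptions made for this illustration.

```python
import ipaddress
import re

# Assumption: "internal" means an RFC 1918 private IPv4 address.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample responses (not captured from a real server).
LEAKY = b"HTTP/1.1 302 Found\r\nLocation: http://10.20.30.40/app/\r\nContent-Length: 0\r\n\r\n"
CLEAN = b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/app/\r\n\r\n"
PUBLIC = b"HTTP/1.1 302 Found\r\nLocation: http://203.0.113.10/\r\n\r\n"
NOT_REDIRECT = b"HTTP/1.1 200 OK\r\nX-Backend: 192.168.1.5\r\n\r\nhello"

def build_probe(path="/"):
    """HTTP/1.0 request with no Host header, as the script summary describes."""
    return f"GET {path} HTTP/1.0\r\n\r\n".encode("ascii")

def parse_head(raw):
    """Return (status_code, [(lowercased_name, value), ...]) from raw response bytes."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def leaked_internal_ips(raw, connected_to=None):
    """List (header, ip) pairs where a redirect response exposes an RFC 1918 address.

    connected_to: the address the probe was sent to; seeing that same address
    echoed back is not a disclosure (e.g. when testing from inside the network).
    """
    status, headers = parse_head(raw)
    if status is None or not 300 <= status < 400:
        return []
    found = []
    for name, value in headers:
        for cand in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
                continue
            internal = any(ip in net for net in RFC1918)
            if internal and cand != connected_to and (name, cand) not in found:
                found.append((name, cand))
    return found
```

Running `leaked_internal_ips` over responses saved during a configuration review gives a quick regression check after the server's redirect host name has been fixed.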

See also:

Script Arguments


http-internal-ip-disclosure.path

Path to URI. Default: /

Example Usage

  • nmap --script http-internal-ip-disclosure <target>
  • nmap --script http-internal-ip-disclosure --script-args http-internal-ip-disclosure.path=/path <target>

Script Output

80/tcp open  http    syn-ack
| http-internal-ip-disclosure:
|_  Internal IP Leaked:



  • Josh Amishav-Zlatin

License: Same as Nmap--See