Script http-traceroute
Script types:
portrule
Categories:
discovery, safe
Download: https://svn.nmap.org/nmap/scripts/http-traceroute.nse
Script Summary
Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies.
The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and Content-Length HTTP headers and body values such as the HTML title.
Based on the work of:
- Nicolas Gregoire (nicolas.gregoire@agarri.fr)
- Julien Cayssol (tools@aqwz.com)
For more information, see:
Script Arguments
- http-traceroute.path
The path to send requests to. Defaults to
/.- http-traceroute.method
HTTP request method to use. Defaults to
GET. Among other values, TRACE is probably the most interesting.- slaxml.debug
See the documentation for the slaxml library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap --script=http-traceroute <targets>
Script Output
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-traceroute: | HTML title | Hop #1: Twitter / Over capacity | Hop #2: t.co / Twitter | Hop #3: t.co / Twitter | Status Code | Hop #1: 502 | Hop #2: 200 | Hop #3: 200 | server | Hop #1: Apache | Hop #2: hi | Hop #3: hi | content-type | Hop #1: text/html; charset=UTF-8 | Hop #2: text/html; charset=utf-8 | Hop #3: text/html; charset=utf-8 | content-length | Hop #1: 4833 | Hop #2: 3280 | Hop #3: 3280 | last-modified | Hop #1: Thu, 05 Apr 2012 00:19:40 GMT | Hop #2 |_ Hop #3
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html