403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/share/nmap/scripts/http-apache-server-status.nse
local nmap = require "nmap"
local shortport = require "shortport"
local http = require "http"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"

description = [[
Attempts to retrieve the server-status page for Apache webservers that
have mod_status enabled. If the server-status page exists and appears to
be from mod_status the script will parse useful information such as the
system uptime, Apache version and recent HTTP requests.

References:
* http://httpd.apache.org/docs/2.4/mod/mod_status.html
* https://blog.sucuri.net/2012/10/popular-sites-with-apache-server-status-enabled.html
* https://www.exploit-db.com/ghdb/1355/
* https://github.com/michenriksen/nmap-scripts
]]

---
--@usage nmap -p80 --script http-apache-server-status <target>
--@usage nmap -sV --script http-apache-server-status <target>
--
--@output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- | http-apache-server-status:
-- |   Heading: Apache Server Status for example.com (via 127.0.1.1)
-- |   Server Version:  Apache/2.4.12 (Ubuntu)
-- |   Server Built:  Jul 24 2015 15:59:00
-- |   Server Uptime:   53 minutes 31 seconds
-- |   Server Load:  0.00 0.01 0.05
-- |   VHosts:
-- |_    www.example.com:80  GET /server-status HTTP/1.1
--
-- @xmloutput
-- <elem key="Heading">Apache Server Status for example.com (via 127.0.1.1)</elem>
-- <elem key="Server Version">Apache/2.4.12 (Ubuntu)</elem>
-- <elem key="Server Built">Jul 24 2015 15:59:00</elem>
-- <elem key="Server Uptime">59 minutes 26 seconds</elem>
-- <elem key="Server Load">0.01 0.02 0.05</elem>
-- <table key="VHosts">
--   <elem>www.example.com:80</elem>
-- </table>

author = "Eric Gershman"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

portrule = function(host, port)
  if not shortport.http(host, port) then
    return false
  end
  if port.version and port.version.product then
    return string.match(port.version.product, "Apache")
  end
  return true
end

action = function(host, port)
  -- Perform a GET request for /server-status
  local path = "/server-status"
  local response = http.get(host,port,path)
  local result = {}

  -- Fail if there is no data in the response, the response body or if the HTTP status code is not successful
  if not response or not response.status or response.status ~= 200 or not response.body then
    stdnse.debug(1, "Failed to retrieve: %s", path)
    return
  end

  -- Fail if this doesn't appear to be an Apache mod_status page
  if not string.match(response.body, "Apache%sServer%sStatus") then
    stdnse.debug(1, "%s does not appear to be a mod_status page", path)
    return
  end

  result = stdnse.output_table()

  -- Remove line breaks from response.body to handle html tags that span multiple lines
  response.body = string.gsub(response.body, "\n", "")

  -- Add useful data to the result table
  result["Heading"] = string.match(response.body, "<h1>([^<]*)</h1>")
  result["Server Version"] = string.match(response.body, "Server%sVersion:%s*([^<]*)</")
  result["Server Built"] = string.match(response.body, "Server%sBuilt:%s*([^<]*)</")
  result["Server Uptime"] = string.match(response.body, "Server%suptime:%s*([^<]*)</")
  result["Server Load"] = string.match(response.body, "Server%sload:%s*([^<]*)</")

  port.version = port.version or {}
  if port.version.product == nil and (port.version.name_confidence or 0) <= 3 then
    port.version.service = "http"
    port.version.product = "Apache httpd"
    local cpe = "cpe:/a:apache:http_server"
    local version, extra = string.match(result["Server Version"], "^Apache/([%w._-]+)%s*(.-)$")
    if version then
      cpe = cpe .. ":" .. version
      port.version.version = version
    end
    if extra then
      port.version.extrainfo = extra
    end
    port.version.cpe = port.version.cpe or {}
    table.insert(port.version.cpe, cpe)
    nmap.set_port_version(host, port, "hardmatched")
  end

  result.VHosts = {}
  local uniq_requests = {}

  -- Parse the Apache client requests into the result table
  for line in string.gmatch(response.body, "<td nowrap>.-</td></tr>") do
    -- skip line if the request is empty
    if not string.match(line, "<td%snowrap></td><td%snowrap></td></tr>") then
      local vhost = string.match(line, ">([^<]*)</td><td")
      uniq_requests[vhost] = 1
    end
  end
  for request,count in pairs(uniq_requests) do
    table.insert(result.VHosts,request)
  end
  table.sort(result.VHosts)

  return result
end

Youez - 2016 - github.com/yon3zu
LinuXploit