Diffstat (limited to 'scripts/http-aspnet-debug.nse')
-rw-r--r--scripts/http-aspnet-debug.nse60
1 files changed, 60 insertions, 0 deletions
diff --git a/scripts/http-aspnet-debug.nse b/scripts/http-aspnet-debug.nse
new file mode 100644
index 0000000..111bf65
--- /dev/null
+++ b/scripts/http-aspnet-debug.nse
@@ -0,0 +1,60 @@
+local http = require "http"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+Determines if a ASP.NET application has debugging enabled using a HTTP DEBUG request.
+
+The HTTP DEBUG verb is used within ASP.NET applications to start/stop remote
+debugging sessions. The script sends a 'stop-debug' command to determine the
+application's current configuration state but access to RPC services is required
+ to interact with the debugging session. The request does not change the
+application debugging configuration.
+]]
+
+---
+-- @usage nmap --script http-aspnet-debug <target>
+-- @usage nmap --script http-aspnet-debug --script-args http-aspnet-debug.path=/path <target>
+--
+-- @args http-aspnet-debug.path Path to URI. Default: /
+--
+-- @output
+-- 80/tcp open http syn-ack
+-- | http-aspnet-debug:
+-- |_ status: DEBUG is enabled
+--
+-- @xmloutput
+-- <elem key="status">DEBUG is enabled</elem>
+---
+
+author = "Josh Amishav-Zlatin"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = { "vuln", "discovery" }
+
+portrule = shortport.http
+
+local function generate_http_debug_req(host, port, path)
+ local status = false
+ local options = {header={}}
+ options["header"]["Command"] = "stop-debug"
+ options["redirect_ok"] = 2
+
+ -- send DEBUG request with stop-debug command
+ local req = http.generic_request(host, port, "DEBUG", path, options)
+
+ stdnse.debug1("Response body: %s", req.body )
+ if req.body:match("OK") then
+ status = true
+ end
+ return status
+end
+
+action = function(host, port)
+ local output = stdnse.output_table()
+ local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
+ local status = generate_http_debug_req(host, port, path)
+ if status then
+ output.status = "DEBUG is enabled"
+ return output
+ end
+end
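Review bot: In generate_http_debug_req, `req.body:match("OK")` is called without checking that the request produced a body, so a failed or empty response would raise an error on a nil index instead of yielding a clean negative. The match is also unanchored and ignores the status code, so any response whose body contains the letters "OK" (an error page, a redirect target reached via `redirect_ok`) would be reported as "DEBUG is enabled", which is a false positive in a `vuln` category script. I would tighten the condition to something like `if req and req.status == 200 and req.body and req.body:match("^OK") then`, where the exact expected body is an assumption to confirm against a real ASP.NET response. A short comment on why `redirect_ok` is set to 2 for a DEBUG request would also help the next reader.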