Diffstat (limited to 'scripts/http-aspnet-debug.nse')
-rw-r--r-- | scripts/http-aspnet-debug.nse | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/scripts/http-aspnet-debug.nse b/scripts/http-aspnet-debug.nse
new file mode 100644
index 0000000..111bf65
--- /dev/null
+++ b/scripts/http-aspnet-debug.nse
@@ -0,0 +1,60 @@
+local http = require "http"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+Determines if a ASP.NET application has debugging enabled using a HTTP DEBUG request.
+
+The HTTP DEBUG verb is used within ASP.NET applications to start/stop remote
+debugging sessions. The script sends a 'stop-debug' command to determine the
+application's current configuration state but access to RPC services is required
+ to interact with the debugging session. The request does not change the
+application debugging configuration.
+]]
+
+---
+-- @usage nmap --script http-aspnet-debug <target>
+-- @usage nmap --script http-aspnet-debug --script-args http-aspnet-debug.path=/path <target>
+--
+-- @args http-aspnet-debug.path Path to URI. Default: /
+--
+-- @output
+-- 80/tcp open http syn-ack
+-- | http-aspnet-debug:
+-- |_ status: DEBUG is enabled
+--
+-- @xmloutput
+-- <elem key="status">DEBUG is enabled</elem>
+---
+
+author = "Josh Amishav-Zlatin"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = { "vuln", "discovery" }
+
+portrule = shortport.http
+
+local function generate_http_debug_req(host, port, path)
+ local status = false
+ local options = {header={}}
+ options["header"]["Command"] = "stop-debug"
+ options["redirect_ok"] = 2
+
+ -- send DEBUG request with stop-debug command
+ local req = http.generic_request(host, port, "DEBUG", path, options)
+
+ stdnse.debug1("Response body: %s", req.body )
+ if req.body:match("OK") then
+ status = true
+ end
+ return status
+end
+
+action = function(host, port)
+ local output = stdnse.output_table()
+ local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
+ local status = generate_http_debug_req(host, port, path)
+ if status then
+ output.status = "DEBUG is enabled"
+ return output
+ end
+end
|
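Review bot: The test `req.body:match("OK")` in `generate_http_debug_req` reports debugging as enabled for any response whose body contains the letters OK anywhere, whatever the status code. An error page or catch-all handler containing a word such as "COOKIE" or "LOOKUP" would therefore produce a false positive in a `vuln`-category script. The same line indexes `req.body` without a nil check, so it will probably raise if the request fails and the http library returns a response with no body. I would gate the match on the response itself: `if req.status == 200 and req.body and req.body:match("OK") then`. If the enabled response is known to be a bare `OK`, anchoring the pattern (`"^%s*OK%s*$"`) would cut the noise further.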