From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 17 Apr 2024 09:42:04 +0200
Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg.
Signed-off-by: Daniel Baumann
---
scripts/http-aspnet-debug.nse | 60 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 scripts/http-aspnet-debug.nse
(limited to 'scripts/http-aspnet-debug.nse')
diff --git a/scripts/http-aspnet-debug.nse b/scripts/http-aspnet-debug.nse
new file mode 100644
index 0000000..111bf65
--- /dev/null
+++ b/scripts/http-aspnet-debug.nse
@@ -0,0 +1,60 @@
+local http = require "http"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+Determines if a ASP.NET application has debugging enabled using a HTTP DEBUG request.
+
+The HTTP DEBUG verb is used within ASP.NET applications to start/stop remote
+debugging sessions. The script sends a 'stop-debug' command to determine the
+application's current configuration state but access to RPC services is required
+ to interact with the debugging session. The request does not change the
+application debugging configuration.
+]]
+
+---
+-- @usage nmap --script http-aspnet-debug
+-- @usage nmap --script http-aspnet-debug --script-args http-aspnet-debug.path=/path
+--
+-- @args http-aspnet-debug.path Path to URI. Default: /
+--
+-- @output
+-- 80/tcp open http syn-ack
+-- | http-aspnet-debug:
+-- |_ status: DEBUG is enabled
+--
+-- @xmloutput
+-- DEBUG is enabled
+---
+
+author = "Josh Amishav-Zlatin"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = { "vuln", "discovery" }
+
+portrule = shortport.http
+
+local function generate_http_debug_req(host, port, path)
+ local status = false
+ local options = {header={}}
+ options["header"]["Command"] = "stop-debug"
+ options["redirect_ok"] = 2
+
+ -- send DEBUG request with stop-debug command
+ local req = http.generic_request(host, port, "DEBUG", path, options)
+
+ stdnse.debug1("Response body: %s", req.body )
+ if req.body:match("OK") then
+ status = true
+ end
+ return status
+end
+
+action = function(host, port)
+ local output = stdnse.output_table()
+ local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
+ local status = generate_http_debug_req(host, port, path)
+ if status then
+ output.status = "DEBUG is enabled"
+ return output
+ end
+end
-- cgit v1.2.3
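Review bot: The detection test `if req.body:match("OK") then` in generate_http_debug_req is both fragile and too permissive. It indexes `req.body` without checking that the request produced a body, so a failed or body-less response would presumably raise an error instead of returning false. It also reports "DEBUG is enabled" for any response whose body merely contains the substring "OK", and because `redirect_ok` is 2 that can be an unrelated page reached by a redirect. Gating on the status code and anchoring the pattern would cut these false positives in a "vuln" category script: `if req and req.status == 200 and req.body and req.body:match("^OK") then`. A short comment above the check stating what reply is expected from a debug-enabled application would also help the next maintainer judge the match.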