From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 17 Apr 2024 09:42:04 +0200
Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg.
Signed-off-by: Daniel Baumann
---
scripts/http-referer-checker.nse | 89 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 scripts/http-referer-checker.nse
(limited to 'scripts/http-referer-checker.nse')
diff --git a/scripts/http-referer-checker.nse b/scripts/http-referer-checker.nse
new file mode 100644
index 0000000..048fdd6
--- /dev/null
+++ b/scripts/http-referer-checker.nse
@@ -0,0 +1,89 @@
+description = [[
+Informs about cross-domain include of scripts. Websites that include
+external javascript scripts are delegating part of their security to
+third-party entities.
+]]
+
+---
+-- @usage nmap -p80 --script http-referer-checker.nse
+--
+-- This script informs about cross-domain include of scripts by
+-- finding src attributes that point to a different domain.
+--
+-- @output
+-- PORT STATE SERVICE REASON
+-- 80/tcp open http syn-ack
+-- | http-referer-checker:
+-- | Spidering limited to: maxdepth=3; maxpagecount=20;
+-- | http://css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js
+-- |_ http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.4.2
+--
+---
+
+categories = {"discovery", "safe"}
+author = "George Chatzisofroniou"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local table = require "table"
+local httpspider = require "httpspider"
+
+portrule = shortport.port_or_service( {80, 443}, {"http", "https"}, "tcp", "open")
+
+action = function(host, port)
+
+ local crawler = httpspider.Crawler:new(host, port, '/', { scriptname = SCRIPT_NAME,
+ maxpagecount = 30,
+ maxdepth = -1,
+ withinhost = 0,
+ withindomain = 0
+ })
+
+ crawler.options.doscraping = function(url)
+ if crawler:iswithinhost(url)
+ and not crawler:isresource(url, "js")
+ and not crawler:isresource(url, "css") then
+ return true
+ end
+ end
+
+ crawler:set_timeout(10000)
+
+ if (not(crawler)) then
+ return
+ end
+
+ local scripts = {}
+
+ while(true) do
+
+ local status, r = crawler:crawl()
+ if (not(status)) then
+ if (r.err) then
+ return stdnse.format_output(false, r.reason)
+ else
+ break
+ end
+ end
+
+ if crawler:isresource(r.url, "js") and not crawler:iswithinhost(r.url) then
+ scripts[tostring(r.url)] = true
+ end
+
+ end
+
+ if next(scripts) == nil then
+ return "Couldn't find any cross-domain scripts."
+ end
+
+ local results = {}
+ for s, _ in pairs(scripts) do
+ table.insert(results, s)
+ end
+
+ results.name = crawler:getLimitations()
+
+ return stdnse.format_output(true, results)
+
+end
-- cgit v1.2.3
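Review bot: The `if (not(crawler)) then return end` guard in `action` comes after `crawler.options.doscraping` has been assigned and `crawler:set_timeout(10000)` has been called, so it can never catch a failed construction. If `Crawler:new` can return nil, move the guard to directly after the `httpspider.Crawler:new(...)` call; otherwise drop it. The results are collected with `pairs(scripts)`, whose order is unspecified, so adding `table.sort(results)` before `results.name = crawler:getLimitations()` would keep the output stable across runs and make scan reports diffable. Detection appears to rest on `crawler:isresource(r.url, "js")`, so an external script served from a URL that does not look like a `.js` resource may be missed. The description or the "Couldn't find any cross-domain scripts." message should say that an empty result is not proof the site loads no third-party code. The `@output` sample shows `maxdepth=3; maxpagecount=20` while the code sets `maxdepth = -1` and `maxpagecount = 30`, so the sample should be updated to match.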