fastcgi_fingerprint.nse
-- NSE script metadata. The script engine reads these fields as script-level
-- globals, so they are intentionally not declared `local`.
--
-- What a positive result means for a defender: a FastCGI listener answered
-- from the scanner's network position. FastCGI has no built-in peer
-- authentication, so these listeners are normally bound to loopback or a Unix
-- socket and reached only by the front-end web server; one that is reachable
-- over the network is worth reviewing (bind address, firewall rules).

-- Help text for the script.
description = [[
Attempts to determine whether or not a TCP service is running FastCGI.
]]
author = "Christopher Grayson, Marc Newlin"
-- NOTE(review): "default" puts the script in the set selected by -sC, and the
-- port rule in this file accepts every open TCP port, so the probe would be
-- sent to each open TCP port of each scanned host. Confirm that is intended;
-- otherwise drop "default" or narrow the port rule.
categories = {"default", "discovery", "safe"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
--- Port rule: select every TCP port that Nmap reports as open.
-- No port number or detected service name is consulted, so the script is
-- scheduled for any open TCP port.
-- @param host NSE host table (unused).
-- @param port NSE port table; `protocol` and `state` are read.
-- @return true when the port is TCP and open, false otherwise.
portrule = function(host, port)
  if port.protocol ~= "tcp" then
    return false
  end
  return port.state == "open"
end
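--- Probe the port with a FastCGI management query and report a match.
--
-- Sends a single FCGI_GET_VALUES record (version 1, type 9, request id 0)
-- asking for FCGI_MAX_CONNS, FCGI_MPXS_CONNS and FCGI_MAX_REQS, then reads one
-- reply. A management query asks the server about its limits and does not
-- submit a request to an application behind it.
--
-- The reply counts as FastCGI only when it starts with a version-1
-- FCGI_GET_VALUES_RESULT header (type 10) AND names one of the queried
-- variables. Matching on the variable names alone would also flag any service
-- that reflects its input (an echo service, an error page quoting the bad
-- request), because the names are part of the probe itself.
--
-- @param host NSE host table; only `host.ip` is read.
-- @param port NSE port table; only `port.number` is read.
-- @return "FastCGI server found." on a match, otherwise nil (no output).
action = function(host, port)
  -- The script has no top-level require; resolving the library here avoids
  -- depending on a global `nmap` being visible to the script.
  local nmap = require "nmap"

  local fcgi_connection = nmap.new_socket()
  -- On any failed try() the socket is closed before the error propagates.
  local catch = function()
    fcgi_connection:close()
  end
  local try = nmap.new_try(catch)

  try(fcgi_connection:connect(host.ip, port.number))

  -- Python form of the same bytes, for reference:
  -- "\x01\t\x00\x00\x000\x00\x00\x0e\x00FCGI_MAX_CONNS\x0f\x00FCGI_MPXS_CONNS\r\x00FCGI_MAX_REQS"
  -- Layout: 8-byte record header (content length 48), then three name/value
  -- pairs with empty values.
  local request = '\001\009\000\000\000\048\000\000\014\000\070\067\071\073\095\077\065\088\095\067\079\078\078\083\015\000\070\067\071\073\095\077\080\088\083\095\067\079\078\078\083\013\000\070\067\071\073\095\077\065\088\095\082\069\081\083'
  try(fcgi_connection:send(request))

  -- NOTE(review): no timeout is set on the socket, so on services that never
  -- answer this waits for the socket's default receive timeout. Since the port
  -- rule accepts every open TCP port, consider set_timeout() here.
  local status, response = fcgi_connection:receive()
  try(fcgi_connection:close())

  -- A failed receive is not an error for the scan: the port is simply not
  -- reported as FastCGI.
  if not status or type(response) ~= "string" then
    return nil
  end

  -- Byte 1 is the protocol version, byte 2 the record type. Only a
  -- FCGI_GET_VALUES_RESULT (10) record is a real answer to the query; an
  -- echoed probe would carry type 9.
  if response:byte(1) ~= 1 or response:byte(2) ~= 10 then
    return nil
  end

  -- Plain (non-pattern) search: the names are literals, not Lua patterns.
  local queried_names = { "FCGI_MAX_REQS", "FCGI_MAX_CONNS", "FCGI_MPXS_CONNS" }
  for i = 1, #queried_names do
    if string.find(response, queried_names[i], 1, true) then
      return "FastCGI server found."
    end
  end

  return nil
end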