Wednesday, January 11, 2006

webserv-naslgrab.nasl

Well, I wanted to get a bit more familiar with NASL (Nessus Attack Scripting Language). I've modified Nessus plugins in the past but never really did much with it. I have to say I do like it; it's pretty easy to do testing with.

I needed a way to check a lot of webservers for their versions, and fast. So I figured, what the heck, let me throw something together with NASL. Now this is just a stand-alone script; it will not work within the Nessus framework.
(More docs on working with the Nessus framework are below.)

This just sends a HEAD request to the webserver and greps for the server string.

This could also be easily modified to read from the socket and grab other banners. I found this would work for telnet, ftp, ssh, etc., but for some reason I could not grab the banner from the webservers I was testing. Hence sending "HEAD / HTTP/1.0\r\n\r\n".

If you wanted to read right from the socket without sending the HEAD command, you could just comment that out and replace name with server.

I will be looking into this more, but this was just a quick script to get my feet wet.


######################################################################
# Name:        webserv-naslgrab.nasl                                 #
# Description: A non-intrusive way to grab the web server version    #
#              by opening a socket to port 80 and sending a          #
#              HEAD request. This can be modified to use other       #
#              ports.                                                #
# Version:     .1                                                    #
# Author:      Devin Ertel                                           #
# Usage:       nasl -t 192.168.1-155 webserv-naslgrab.nasl           #
######################################################################

# Create a TCP socket to port 80
soc = open_sock_tcp(80);

# Grab the IP of the host the socket is open to
hostip = get_host_ip();

# If the socket was created
if (soc) {

  # Create the request string and send it
  str = string("HEAD / HTTP/1.0\r\n\r\n");
  send(socket:soc, data:str);

  # Grab data from the socket
  name = recv(socket:soc, length:1024);

  # Grep for the line with "Server" in it
  server = egrep(pattern:"Server.*", string:name);

  # If grep returned a value
  if (server) {
    display(server, " On IP ", hostip, "\n");
  }

  # Close the socket
  close(soc);
}
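
The pattern "Server.*" matches any line that contains the word, including a status line such as "500 Internal Server Error", and it misses a lower-case "server:" header. As an added example (not part of the original script; get_server_header() and the sample responses are constructed for illustration), this walks the header block line by line and returns only the Server header value:

```nasl
# Added example, not from the original post.
# get_server_header() is a hypothetical helper name.
function get_server_header(resp)
{
  local_var lines, line, m;

  # Default split() breaks the buffer into lines.
  lines = split(resp, keep:FALSE);
  foreach line (lines)
  {
    # A blank line ends the header block; stop so body text is never matched.
    if (strlen(line) == 0 || line == '\r') break;

    # Anchor on the header name and ignore case ("server:" is legal too).
    m = eregmatch(pattern:'^Server:[ \t]*([^\r\n]*)', string:line, icase:TRUE);
    if (!isnull(m)) return m[1];
  }
  return NULL;
}

# Constructed sample 1: the status line contains "Server" and the header
# name is lower case, so egrep(pattern:"Server.*") would return the status
# line and miss the header.
r1 = 'HTTP/1.1 500 Internal Server Error\r\n' +
     'Date: Wed, 11 Jan 2006 12:00:00 GMT\r\n' +
     'server: ExampleHTTPd/1.0\r\n' +
     '\r\n';

# Constructed sample 2: no Server header; the word only appears in the body.
r2 = 'HTTP/1.0 200 OK\r\n' +
     'Content-Type: text/html\r\n' +
     '\r\n' +
     '<p>Server: this is body text</p>\r\n';

foreach r (make_list(r1, r2))
{
  s = get_server_header(resp:r);
  if (isnull(s))
    display("No Server header found\n");
  else
    display("Server header value: ", s, "\n");
}
```

In the script above, the call would take the place of the egrep() line: server = get_server_header(resp:name);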


Links:
http://michel.arboi.free.fr/nasl2ref/
http://www.oreillynet.com/pub/a/security/2004/06/03/nessus_plugins.html
http://www.virtualblueness.net/nasl.html
