NSE LIB

Unofficial informational Discovery

web_techno

Finds web technologies based on Wappalyzer.

Ports

Any

Protocols

n/a

Attribution

Dr Claw (upstream: mmpx12/NSE-web-techno)

Usage

No example usage is currently available for this script entry.

Script Source

author = "Dr Claw"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery"}

-- @output
-- 80/tcp   open  http
-- | web_techno:
-- |_Redirection to: https://github.com
-- 443/tcp  open  https
-- | web_techno:
-- | "[UI frameworks] Bootstrap:46"
-- | "[PaaS] GitHub Pages:null"
-- | "[Web frameworks] Ruby on Rails:null"
-- |_"[Programming languages] Ruby:null"

description = [[
  Finds web technologies based on Wappalyzer.
]]

local nmap = require "nmap"
local stdnse = require "stdnse"
local http = require("http")

portrule = function(host, port)
  if port.service == "https" or port.service == "http" then
    return port.protocol == "tcp"
      and port.state == "open"
  end
end

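-- Quote a string so it is passed to the shell as a single literal argument.
local function shell_quote(s)
  return "'" .. (s:gsub("'", "'\\''")) .. "'"
end

action = function(host, port)
  -- URL handed to wappalyzer; get_hostname falls back to the IP when no name was given.
  local scheme = (port.service == "https") and "https" or "http"
  local url = scheme .. "://" .. stdnse.get_hostname(host) .. ":" .. port.number .. "/"
  local resp = http.get(host, port, "/")
  local status = tonumber(resp.status)
  if not status then
    -- The request itself failed; the http library puts the reason in status-line.
    return "Error:\n" .. (resp["status-line"] or "no HTTP response")
  end
  if status >= 400 then
    -- Report the status code, the body and the raw response headers.
    local err_output = resp.body or ""
    for _, line in ipairs(resp.rawheader or {}) do
      err_output = err_output .. line .. "\n"
    end
    return "Error:\n" .. status .. "\n" .. err_output
  end
  local output
  if resp.header['location'] ~= nil then
    output = "\n  Redirection to: " .. resp.header['location']
  else
    -- The URL is built from the scan target name, so quote it before it reaches the shell.
    local cmd = "wappalyzer " .. shell_quote(url) .. " 2> /dev/null | jq -r '.technologies[] | [ \"  [\"+.categories[].name +\"] \"+.name+\":\"+ if .version then .version else \"unknow\" end] |.[]'"
    local pipe = io.popen(cmd, "r")
    output = "\n" .. (pipe and pipe:read("*a") or ""):sub(1, -2)
    if pipe then pipe:close() end
    if output == '\n' then
      output = "No data"
    end
  end
  return output
end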

Overview

Imported from the upstream repository mmpx12/NSE-web-techno. Detects web technologies based on Wappalyzer.

Installation

Requires npm and jq.

sudo npm install -g wappalyzer
sudo pacman -S jq
sudo cp web_techno.nse /usr/share/nmap/scripts/web_techno.nse
sudo nmap --script-updatedb

Usage

nmap --script web_techno github.com

Output:

GitHub:
PORT    STATE SERVICE
80/tcp  open  http
| web_techno: 
|_  Redirection to: https://github.com/
443/tcp open  https
| web_techno: 
|   [CRM] Salesforce:unknow
|   [Web frameworks] Ruby on Rails:unknow
|   [PaaS] Amazon Web Services:unknow
|   [PaaS] GitHub Pages:unknow
|   [Webmail] Google Workspace:unknow
|   [Email] Google Workspace:unknow
|_  [SSL/TLS certificate authorities] DigiCert:unknow
Arch wiki:
PORT    STATE SERVICE
443/tcp open  https
| web_techno: 
|   [Wikis] MediaWiki:1.34.0
|   [Web servers] Nginx:1.16.1
|   [Reverse proxies] Nginx:1.16.1
|_  [Programming languages] PHP:7.4.4

Use -sV with non-standard ports.

Example:

nmap --script web_techno  localhost
...
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
| web_techno:
|   [JavaScript graphics] D3:3.0.8
|   [Web servers] Nginx:1.16.1
|_  [Reverse proxies] Nginx:1.16.1
8000/tcp  open  http-alt
12345/tcp open  netbus

Now with -sV:

nmap -sV --script web_techno  localhost
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 8.2 (protocol 2.0)
80/tcp    open  http    nginx 1.16.1
|_http-server-header: nginx/1.16.1
| web_techno:
|   [JavaScript graphics] D3:3.0.8
|   [Web servers] Nginx:1.16.1
|_  [Reverse proxies] Nginx:1.16.1
8000/tcp  open  http    SimpleHTTPServer 0.6 (Python 3.8.2)
|_http-server-header: SimpleHTTP/0.6 Python/3.8.2
| web_techno:
|   [Programming languages] Python:3.8.2
|_  [Web servers] SimpleHTTP:0.6
12345/tcp open  http    SimpleHTTPServer 0.6 (Python 3.8.2)
|_http-server-header: SimpleHTTP/0.6 Python/3.8.2
| web_techno:
|   [JavaScript graphics] D3:3.0.8
|   [Programming languages] Python:3.8.2
|_  [Web servers] SimpleHTTP:0.6
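
The script's portrule only fires when Nmap's service name is `http` or `https`, which without `-sV` is guessed from the port number. The following added example (not part of the upstream project) parses the `web_techno` block of Nmap's normal output into per-port records and lists the ports that were fingerprinted only with `-sV`; the function names are hypothetical and the sample input is trimmed from the two localhost scans above.

```python
import re

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+\S+\s+(\S+)")
TECH_RE = re.compile(r"^\|[ _]\s+\[([^\]]+)\] (.+):([^:]*)$")

def parse_web_techno(nmap_text):
    """Map port -> {"service": name, "techs": [(category, name, version)]}."""
    ports, current, in_block = {}, None, False
    for line in map(str.rstrip, nmap_text.splitlines()):
        port = PORT_RE.match(line)
        if port:
            current, in_block = int(port.group(1)), False
            ports[current] = {"service": port.group(2), "techs": []}
        elif current is not None and line.startswith("| web_techno:"):
            in_block = True
        elif in_block and line.startswith("|"):
            tech = TECH_RE.match(line)
            if tech:
                cat, name, ver = tech.groups()
                # The script prints "unknow" when Wappalyzer reports no version.
                ports[current]["techs"].append(
                    (cat, name, None if ver == "unknow" else ver))
            in_block = not line.startswith("|_")  # "|_" closes the script block
        else:
            in_block = False
    return ports

def missed_without_sv(plain_scan, sv_scan):
    """Ports fingerprinted only with -sV -> service name guessed without it."""
    plain, sv = parse_web_techno(plain_scan), parse_web_techno(sv_scan)
    return {p: plain[p]["service"] for p, info in sv.items()
            if info["techs"] and p in plain and not plain[p]["techs"]}

# Sample input: trimmed from the two localhost scans shown above.
PLAIN = """\
80/tcp    open  http
| web_techno:
|_  [Web servers] Nginx:1.16.1
8000/tcp  open  http-alt
"""
WITH_SV = """\
80/tcp    open  http    nginx 1.16.1
|_http-server-header: nginx/1.16.1
| web_techno:
|_  [Web servers] Nginx:1.16.1
8000/tcp  open  http    SimpleHTTPServer 0.6 (Python 3.8.2)
| web_techno:
|   [Programming languages] Python:3.8.2
|_  [Web servers] SimpleHTTP:0.6
"""
```

`missed_without_sv(PLAIN, WITH_SV)` returns `{8000: "http-alt"}`, the port whose guessed service name kept the script from running.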

TODO:

  • Link CVEs to the technologies found
  • Exploit CVEs