local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
description = [[
reverse domain for ip
]]
author = "b4dboy"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
portrule = shortport.http
local function trim(str)
return (string.gsub(str, "^%s*(.-)%s*$", "%1"))
end
local function getBanner(host, port)
local result = {}
local socket, status
local content = "GET / HTTP/1.0\r\n\r\n"
socket = nmap.new_socket()
socket:connect(host.ip, port)
socket:send(content)
local response, data = socket:receive()
table.insert(result, string.format('%s', string.match(data, 'Server:')))
data = string.gsub(data, "\r", "")
data = string.match(data, 'Server:%s-([a-zA-Z-/0-9:\\.() ]+\n+)')
if not(data) then
data = 'Unknown'
end
return trim(data)
end
action = function(host, port)
local uri, resp, redirect_url, title
local result = {}
local server = getBanner(host, port)
local banner = "Http Banner: "..server
table.insert(result, banner)
local request_options = {}
request_options.header = {}
request_options.header["If-None-Match"] = 'mark'
uri = string.format('http://global.bing.com/search?q=ip:%s&count=50', host.ip)
resp = http.get_url( uri, request_options )
if resp.location then
redirect_url = resp.location[#resp.location]
if resp.status and tostring( resp.status ):match( "30%d" ) then
return {redirect_url = redirect_url}, ("Did not follow redirect to %s"):format( redirect_url )
end
end
if ( not(resp.body) ) then
return
end
regx = '<li([^>]-)class="b_algo"([^>]-)><h2><a([^>]-)href=[\"|\']([^\"\']-)[\"|\']([^>]-)>'
for s1, s2, s3, title in resp.body:gmatch(regx) do
table.insert(result, title)
end
return stdnse.format_output(true, result)
end