Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Script for parsing Apache server-status page #322

Closed
wants to merge 4 commits into from
Closed

Script for parsing Apache server-status page #322

wants to merge 4 commits into from

Conversation

EricGershman
Copy link

server-status NSE Script

The Apache mod_status module is used to monitor the performance and activity of an Apache web server. The http-apache-server-status.nse script detects the existence of an Apache mod_status server-status page and attempts to parse useful information such as the Apache version and recent HTTP requests.

Examples

http-apache-server-status.nse running against Ubuntu 15.04 with Apache2 installed:

$ sudo a2enmod status && sudo systemctl restart apache2
Enabling module status.
To activate the new configuration, you need to run:
  service apache2 restart
$ nmap -p 80 --script http-apache-server-status.nse example.com

Starting Nmap 7.01SVN ( https://nmap.org ) at 2016-03-12 23:55 UTC
Nmap scan report for example.com (127.0.1.1)
Host is up (0.00011s latency).
rDNS record for 127.0.1.1: www.example.com
PORT   STATE SERVICE
80/tcp open  http
| http-apache-server-status: 
|   Heading: Apache Server Status for example.com (via 127.0.1.1)
|   Server Version:  Apache/2.4.12 (Ubuntu)
|   Server Built:  Jul 24 2015 15:59:00
|   Server Uptime:   10 seconds
|   Server Load:  0.00 0.01 0.05
|   Requests: 
|_    www.example.com:80    GET /server-status HTTP/1.1

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

An example with the status module disabled:

$ sudo a2dismod status && sudo systemctl restart apache2
Module status disabled.
To activate the new configuration, you need to run:
  service apache2 restart
$$ nmap -p 80 --script http-apache-server-status.nse example.com

Starting Nmap 7.01SVN ( https://nmap.org ) at 2016-03-12 23:57 UTC
Nmap scan report for example.com (127.0.1.1)
Host is up (0.00011s latency).
rDNS record for 127.0.1.1: www.example.com
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds

$ nmap -d -p 80 --script http-apache-server-status.nse example.com | grep Fail
NSE: [http-apache-server-status 127.0.1.1:80] Failed to retrieve: /server-status

An example of the status module disabled with a non-mod_status page hosted at /server-status:

$ sudo cp /var/www/html/index.html /var/www/html/server-status
$ sudo chown www-data:www-data /var/www/html/server-status 
$ nmap -p 80 --script http-apache-server-status.nse example.com

Starting Nmap 7.01SVN ( https://nmap.org ) at 2016-03-05 19:40 UTC
Nmap scan report for example.com (127.0.1.1)
Host is up (0.00011s latency).
rDNS record for 127.0.1.1: www.example.com
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
$ nmap -d -p 80 --script http-apache-server-status.nse example.com | grep mod_status
NSE: [http-apache-server-status 127.0.1.1:80] /server-status does not appear to be a mod_status page

References

The Apache mod_status module is used to monitor the performance and activity of an Apache web server. The http-apache-server-status.nse script detects the existence of an Apache mod_status server-status page and attempts to parse useful information such as the Apache version and recent HTTP requests.
@fgeek
Copy link

fgeek commented Mar 6, 2016

Acked-by: Henri Salo henri@nerv.fi
👍

Limited the results table output to unique vhost & URI combinations based on recommendations from http://seclists.org/nmap-dev/2016/q1/256.
@dmiller-nmap
Copy link

Thanks, awesome! I reduced the requests part to just the VHosts, and added extraction of the Apache version in subsequent commits. Glad to have your contribution!

@nmap-bot nmap-bot closed this in a4b81f3 Mar 14, 2016
@EricGershman
Copy link
Author

@dmiller-nmap Thanks for all your help, the improvements look great!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants