ms15-034.nse

1. -- The Head Section --
2. description = [[Scan for ms15-034 -> https://technet.microsoft.com/library/security/MS15-034]]
3.  
4. ---
5. -- @usage
6. -- nmap --script ./ms15-034.nse <target>
7. -- @output
8. -- PORT   STATE SERVICE
9. -- 80/tcp open  http
10. -- |_ms15-034: Vulnerable
11.  
12. author = "Kl0nEz"
13. license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
14. categories = {"default", "safe"}
15.  
16. local shortport = require "shortport"
17. local http = require "http"
18. local stdnse = require "stdnse"
19. local string = require "string"
20.  
21. -- The Rule Section --
22. portrule = shortport.http
23.  
24. -- The Action Section --
25. action = function(host, port)
26.  
27.     local uri = "/"
28.  
29.     local options = {header={}}
30.     options['header']['User-Agent'] = "Mozilla/5.0 (compatible; ArcticFission)"
31.     options['header']['Host'] = "keep_your_mind_flying"
32.     options['header']['Range'] = "bytes=0-18446744073709551615"
33.  
34.     local response = http.get(host, port, uri, options)
35.    
36.     local title = string.match(response.body, "<[Tt][Ii][Tt][Ll][Ee][^>]*>([^<]*)</[Tt][Ii][Tt][Ll][Ee]>")
37.    
38.     if ( title == "Requested Range Not Satisfiable" ) then
39.     return "Vulnerable"
40.     else
41.     return "Can't check"
42.     end
43.  
44. end