nmap -- [nse - scripts] - http-title

root@gnu:~/nmap/scripts# nmap -Pn -sS -p 80 --script /home/offensive/nmap/script/http-title.nse www.baidu.com

Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-08 22:44 EDT
Nmap scan report for www.baidu.com (119.75.217.56)
Host is up (0.0047s latency).
Other addresses for www.baidu.com (not scanned): 119.75.218.77
PORT   STATE SERVICE
80/tcp open  http
| http-title:
|   body: <!DOCTYPE html>
| <html>
| <head>
| <meta charset="gbk">
| <title>\xB0\xD9\xB6\xC8--\xC4\xFA\xB5\xC4\xB7\xC3\xCE\xCA\xB3\xF6\xB4\xED\xC1\xCB</title>
| <style type="text/css">
|     body{margin:0;padding:0;font-size:14px;font-family:"\xCB\xCE\xCC\xE5",Arial, Helvetica, sans-serif;}
|     img,ul,li,form,h2,ol{border:0;padding:0;margin:0;list-style:none;}
|     .cl{clear:both;height:0px;line-height:0px;font-size:0px;overflow:hidden;}
|     input{vertical-align:middle;}
|     a:link{color:#0033cc}
|     a:visited{color:#800080;}
|     a:hover{color:#800080;}
|     a:actived{color:#800080;}
|     #content{width:95%;align:center;margin:0 auto  0;}
|     .logo{float:left;width:141px;margin:10px 0 0 0;}
|     .title{float:right;width:;line-height:24px;background:#e5ecf9;margin:20px 0 0 0;padding-left:8px;}
|     .title a{margin-left:320px;}
|     .tip{font-size:18px;margin:25px 0 25px 5px;*margin:25px 0 25px 5px;}
|     .reason{margin:25px 0 33px 5px;*margin:25px 0 30px 5px;}
|     .reason li{line-height:24px;height:24px;}
|     .searchbox{margin:0 0 40px 8px;*margin:0 0 40px 8px;}
|     .help{margin:0 0 100px 5px;}
|     .footer{margin:50px 0 20px 0;*margin:50px 0 20px 0;text-align:center;color:#666666;}
|     .footer a{color:#666666;}
| </style>
| </head>
| <body>
| <table border="0" width="95%" align="center">
|     <tr height="60">
|         <td height="65" valign="top" width="141"><a href="http://www.baidu.com/"><img border="0" src="http://www.baidu.com/search/img/logo.gif" alt="\xB5\xBD\xB0\xD9\xB6\xC8\xCA\xD7\xD2\xB3" /></a></td>
|         <td valign="bottom">
|             <table border="0" cellspacing="0" cellpadding="0" width="100%">
|                 <tr bgcolor="#e5ecf9">
|                     <td height="24">&nbsp;<b class="p1">\xC4\xFA\xB5\xC4\xB7\xC3\xCE\xCA\xB3\xF6\xB4\xED\xC1\xCB</b></td>
|                     <td class="p2" height="24"><div align="right"><a href="http://www.baidu.com/">\xB0\xD9\xB6\xC8\xCA\xD7\xD2\xB3</a>  |  <a href="http://www.baidu.com/search/jiqiao.html">\xB0\xEF\xD6\xFA\xD6\xD0\xD0\xC4</a> &nbsp;</div></td>
|                 </tr>
|                 <tr><td class="p2" height="20" colspan="2"></td></tr>
|             </table>
|         </td>
|     </tr>
| </table>
| <div id="content">
|     <h2 class="tip" style="padding-left:144px"><p>\xBA\xDC\xB1\xA7\xC7\xB8\xA3\xAC\xC4\xFA\xD2\xAA\xB7\xC3\xCE\xCA\xB5\xC4\xD2\xB3\xC3\xE6\xB2\xBB\xB4\xE6\xD4\xDA!<br><br></p><hr color="#dddddd" size="1"></h2>
| </div>
| <div id="content">
| <ol class="reason" style="padding-left:144px">
|         <li> 1. \xC7\xEB\xBC\xEC\xB2\xE9\xC4\xFA\xB7\xC3\xCE\xCA\xB5\xC4\xCD\xF8\xD6\xB7\xCA\xC7\xB7\xF1\xD5\xFD\xC8\xB7\xA1\xA3</li><br>
|         <li> 2. \xC8\xE7\xB9\xFB\xC4\xFA\xB2\xBB\xC4\xDC\xC8\xB7\xC8\xCF\xB7\xC3\xCE\xCA\xB5\xC4\xCD\xF8\xD6\xB7\xA3\xAC\xC7\xEB\xE4\xAF\xC0\xC0<a href="http://www.baidu.com/more/index.html">\xB0\xD9\xB6\xC8\xB8\xFC\xB6\xE0</a>\xD2\xB3\xC3\xE6\xB2\xE9\xBF\xB4\xB8\xFC\xB6\xE0\xCD\xF8\xD6\xB7\xA1\xA3</li><br>
|         <li> 3. \xD6\xB1\xBD\xD3\xCB\xD1\xCB\xF7\xD2\xAA\xB2\xE9\xD5\xD2\xB5\xC4\xC4\xDA\xC8\xDD\xA3\xBA</li>
|     <li class="searchbox"><br>
|         <form action="http://www.baidu.com/s" name="f">
|             <input type="text" name="wd" size="35" maxlength="100"><input type="hidden" name="cl" value="3"><input type="hidden" name="tn" value="baiduerr"><input type="submit" value="\xB0\xD9\xB6\xC8\xD2\xBB\xCF\xC2">
|       </form></li>
|     <li class="help">
|       4.\xC8\xE7\xD3\xD0\xC8\xCE\xBA\xCE\xD2\xE2\xBC\xFB\xBB\xF2\xBD\xA8\xD2\xE9\xA3\xAC\xC7\xEB\xBC\xB0\xCA\xB1<a href="http://qingting.baidu.com/">\xB7\xB4\xC0\xA1\xB8\xF8\xCE\xD2\xC3\xC7</a>\xA1\xA3
|         <br><br><br>
|         <b>\xCD\xC6\xBC\xF6\xC4\xFA\xB7\xC3\xCE\xCA\xA3\xBA</b><a href="http://news.baidu.com/">\xD0\xC2\xCE\xC5</a>\xA1\xA1<a href="http://tieba.baidu.com/">\xCC\xF9\xB0\xC9</a>\xA1\xA1<a href="http://zhidao.baidu.com/">\xD6\xAA\xB5\xC0</a>\xA1\xA1<a href="http://music.baidu.com/">\xD2\xF4\xC0\xD6</a>\xA1\xA1<a href="http://image.baidu.com/">\xCD\xBC\xC6\xAC</a>\xA1\xA1<a href="http://video.baidu.com/">\xCA\xD3\xC6\xB5</a>\xA1\xA1<a href="http://map.baidu.com/">\xB5\xD8\xCD\xBC</a>\xA1\xA1<a href="http://baike.baidu.com/">\xB0\xD9\xBF\xC6</a>\xA1\xA1<a href="http://wenku.baidu.com/">\xCE\xC4\xBF\xE2</a>\xA1\xA1<a href="http://www.hao123.com/">hao123</a>
|     </li>\xA1\xA1</ol>
|
|     <div class="footer">&#169; 2014 Baidu&nbsp;<a href="http://www.baidu.com/duty/index.html">\xC3\xE2\xD4\xF0\xC9\xF9\xC3\xF7</a></div>
| </div>
| </body>
| </html>
|   header:
|     cache-control: max-age=86400
|     server: Apache
|     content-type: text/html
|     last-modified: Tue, 31 Dec 2013 07:53:50 GMT
|     connection: Close
|     expires: Fri, 10 Oct 2014 02:44:54 GMT
|     vary: Accept-Encoding,User-Agent
|     date: Thu, 09 Oct 2014 02:44:54 GMT
|     content-length: 3349
|     set-cookie: BAIDUID=9EE14A69D1C859B9E344E25F35B37D37:FG=1; expires=Fri, 09-Oct-15 02:44:54 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
|     etag: "d15-4eecfdc639f80"
|     p3p: CP=" OTI DSP COR IVA OUR IND COM "
|     accept-ranges: bytes
|   status: 200
|   ssl: false
|   location:
|     http://www.baidu.com/search/error.html
|   cookies:
|     
|       path: /
|       value: 9EE14A69D1C859B9E344E25F35B37D37:FG=1
|       domain: .baidu.com
|       expires: Fri, 09-Oct-15 02:44:54 GMT
|       name: BAIDUID
|       max-age: 31536000
|       version: 1
|   rawheader:
|     Date: Thu, 09 Oct 2014 02:44:54 GMT
|     Server: Apache
|     P3P: CP=" OTI DSP COR IVA OUR IND COM "
|     Set-Cookie: BAIDUID=9EE14A69D1C859B9E344E25F35B37D37:FG=1; expires=Fri, 09-Oct-15 02:44:54 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
|     Last-Modified: Tue, 31 Dec 2013 07:53:50 GMT
|     ETag: "d15-4eecfdc639f80"
|     Accept-Ranges: bytes
|     Content-Length: 3349
|     Cache-Control: max-age=86400
|     Expires: Fri, 10 Oct 2014 02:44:54 GMT
|     Vary: Accept-Encoding,User-Agent
|     Connection: Close
|     Content-Type: text/html
|     
|_  status-line: HTTP/1.1 200 OK

Nmap done: 1 IP address (1 host up) scanned in 0.81 seconds

-- The Head Section --
-- Script metadata read by the NSE engine: description, author, license and
-- categories.
-- NOTE(review): the action on this page requests "/index.html" and contains no
-- redirect-following logic of its own, so the same-host redirect rule described
-- below is presumably enforced inside http.get. Confirm before relying on it.
description = [[
Shows the title of the default page of a web server.

The script will follow no more than one HTTP redirect, and only if the
redirection leads to the same host. The script may send a DNS query to
determine whether the host the redirect leads to has the same IP address as
the original target.
]]

author = "Diman Todorov"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-- "default" puts the script in the set run by -sC / -A, so it executes on every
-- scan that enables default scripts; "safe" declares that it is not expected to
-- disrupt the target. A modified copy that keeps these categories keeps that
-- reach, so re-check them whenever the action is changed.
categories = {"default", "discovery", "safe"}

local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"

-- The Rule Section --
-- The engine evaluates portrule for each scanned port and runs the action only
-- where it returns true; shortport.http selects ports that look like HTTP
-- services.
portrule = shortport.http

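-- The Action Section --
--- Fetch one page from the target web server and report its <title>.
--
-- Everything read from `response` (body, headers, Location values) is supplied
-- by the scanned server and must be treated as untrusted data.
--
-- @param host NSE host table supplied by the engine.
-- @param port NSE port table supplied by the engine.
-- @return Structured output (fields `title` and `redirect_url`), or nothing
--         when the response carries no body.
-- @return Human-readable result line(s) for normal output.
action = function(host, port)

    local response, redirect_url, status, title
    -- NOTE: the path is fixed here, although the description speaks of the
    -- "default page" of the server.
    local url = "/index.html"

    response = http.get(host, port, url)

    -- Header values are read as response.header["server"]. The status line
    -- needs bracket syntax, response["status-line"], because
    -- `response.status-line` parses as a subtraction.

    -- response.location holds the redirect target(s) seen for this request;
    -- the last entry is taken as the most recent one.
    if response.location then
        redirect_url = response.location[#response.location]
        status = response.status

        -- A final status that is still 30x means the response in hand is the
        -- redirect itself, not its target: report the target, do not parse a title.
        if status and tostring(status):match("30%d") then
            return {redirect_url = redirect_url}, ("Did not follow redirect to %s"):format(redirect_url)
        end
    end

    if not response.body then
        return
    end

    -- Case-insensitive match of the first <title>...</title> pair; attributes
    -- on the opening tag are tolerated, nested markup inside the title is not.
    title = response.body:match("<[Tt][Ii][Tt][Ll][Ee][^>]*>([^<]*)</[Tt][Ii][Tt][Ll][Ee]>")

    local display_title = title

    if display_title and display_title ~= "" then
        -- Strip line breaks and tabs and cap the length so a long or multi-line
        -- server-supplied title cannot flood or reshape the report line.
        display_title = string.gsub(display_title, "[\n\r\t]", "")
        if #display_title > 65 then
            display_title = string.sub(display_title, 1, 62) .. "..."
        end
    else
        display_title = "Site doesn't have a title"
        if response.header and response.header["content-type"] then
            display_title = display_title .. (" (%s) ."):format(response.header["content-type"])
        else
            display_title = display_title .. "."
        end
    end

    -- The structured output keeps the raw title: it is neither stripped nor
    -- truncated, so consumers of the structured result must handle it as
    -- untrusted text of arbitrary length.
    local output_tab = stdnse.output_table()
    output_tab.title = title
    output_tab.redirect_url = redirect_url

    local output_str = display_title
    if redirect_url then
        output_str = output_str .. "\n" .. ("Requested resource was %s"):format(redirect_url)
    end

    return output_tab, output_str
end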

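-- Fields of the table returned by http.get(), matching the sample scan output
-- on this page. Illustrative only: host, port and url are defined only inside
-- action(). All of these values are supplied by the scanned server.
local response = http.get(host, port, url)

local body        = response.body       -- response body as one string (HTML in the sample)
local header      = response.header     -- parsed headers, keyed by lower-case name
local status      = response.status     -- status code (200 in the sample)
local ssl         = response.ssl        -- false in the sample (plain HTTP on port 80)
local location    = response.location   -- list of redirect URLs
local cookies     = response.cookies    -- list of cookie tables (name, value, path, domain, ...)
local rawheader   = response.rawheader  -- list of header lines as received
-- "status-line" is not a valid identifier: `response.status-line` parses as
-- `response.status - line`, so the key needs bracket syntax.
local status_line = response["status-line"]  -- "HTTP/1.1 200 OK" in the sample

-- Returning the whole table from a script, as in the sample output, also writes
-- Set-Cookie values into the scan report; trim such fields before sharing it.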

