Nmap http-internal-ip-disclosure NSE Script
This page contains detailed information about how to use the http-internal-ip-disclosure NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/http-internal-ip-disclosure.nse
Script categories: vuln, discovery, safe
Target service / protocol: http, https
Target network port(s): 80, 443, 631, 7080, 8080, 8443, 8088, 5800, 3872, 8180, 8000
List of CVEs: -
Script Description
The http-internal-ip-disclosure.nse script determines if the web server leaks its internal IP address when sending an HTTP/1.0 request without a Host header.
Some misconfigured web servers leak their internal IP address in the response headers when returning a redirect response. This is a known issue for some versions of Microsoft IIS, but affects other web servers as well.
Http-internal-ip-disclosure NSE Script Arguments
This is a full list of arguments supported by the http-internal-ip-disclosure.nse script:
http-internal-ip-disclosure.pathPath to URI. Default: /
- - -
To use this script argument, add it to Nmap command line like in this example:
nmap --script=http-internal-ip-disclosure --script-args http-internal-ip-disclosure.path=value <target>
Http-internal-ip-disclosure NSE Script Example Usage
Here's an example of how to use the http-internal-ip-disclosure.nse script:
nmap --script http-internal-ip-disclosure <target>
nmap --script http-internal-ip-disclosure --script-args http-internal-ip-disclosure.path=/path <target>
Http-internal-ip-disclosure NSE Script Example Output
Here's a sample output from the http-internal-ip-disclosure.nse script:
80/tcp open http syn-ack
| http-internal-ip-disclosure:
|_ Internal IP Leaked: 10.0.0.2
Http-internal-ip-disclosure NSE Script Example XML Output
Here's a sample XML output from the http-internal-ip-disclosure.nse script produced by providing the -oX <file>
Nmap option:
<elem key="Internal IP Leaked">10.0.0.2</elem>
Author
- Josh Amishav-Zlatin
References
- https://nmap.org/nsedoc/scripts/http-internal-ip-disclosure.html
- https://github.com/nmap/nmap/tree/master/scripts/http-internal-ip-disclosure.nse
See Also
Visit Nmap NSE Library for more scripts.
Version
This page has been created based on Nmap version 7.92.