blob: 2f4b3431883c15e42e996b0002959f6aad1f07d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
function Get-HttpStatus {
<#
.SYNOPSIS
PowerSploit Module - Get-HttpStatus
Returns the HTTP Status Codes and full URL for specified paths.
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
.DESCRIPTION
A script to check for the existence of a path or file on a webserver.
.PARAMETER Target
Specifies the remote web host either by IP or hostname.
.PARAMETER Path
Specifies the remost host.
.PARAMETER Port
Specifies the port to connect to.
.PARAMETER UseSSL
Use an SSL connection.
.EXAMPLE
PS > Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt | Select-Object {where StatusCode -eq 20*}
.EXAMPLE
PS > Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt -UseSSL
.NOTES
HTTP Codes: 100 - Informational * 200 - Success * 300 - Redirection * 400 - Client Error * 500 - Server Error
Status Codes: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
.LINK
http://obscuresecurity.blogspot.com
#>
[CmdletBinding()] Param(
[Parameter(Mandatory = $True)] [String] $Target,
[Parameter()] [String] [ValidateNotNullOrEmpty()] $Path = '.\Dictionaries\admin.txt',
[Parameter()] [Int] $Port,
[Parameter()] [Switch] $UseSSL
)
if (Test-Path $Path) {
if ($UseSSL -and $Port -eq 0) {
# Default to 443 if SSL is specified but no port is specified
$Port = 443
} elseif ($Port -eq 0) {
# Default to port 80 if no port is specified
$Port = 80
}
$TcpConnection = New-Object System.Net.Sockets.TcpClient
Write-Verbose "Path Test Succeeded - Testing Connectivity"
try {
# Validate that the host is listening before scanning
$TcpConnection.Connect($Target, $Port)
} catch {
Write-Error "Connection Test Failed - Check Target"
$Tcpconnection.Close()
Return
}
$Tcpconnection.Close()
} else {
Write-Error "Path Test Failed - Check Dictionary Path"
Return
}
if ($UseSSL) {
$SSL = 's'
# Ignore invalid SSL certificates
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
} else {
$SSL = ''
}
if (($Port -eq 80) -or ($Port -eq 443)) {
$PortNum = ''
} else {
$PortNum = ":$Port"
}
# Check Http status for each entry in the doctionary file
foreach ($Item in Get-Content $Path) {
$WebTarget = "http$($SSL)://$($Target)$($PortNum)/$($Item)"
$URI = New-Object Uri($WebTarget)
try {
$WebRequest = [System.Net.WebRequest]::Create($URI)
$WebResponse = $WebRequest.GetResponse()
$WebStatus = $WebResponse.StatusCode
$ResultObject += $ScanObject
$WebResponse.Close()
} catch {
$WebStatus = $Error[0].Exception.InnerException.Response.StatusCode
if ($WebStatus -eq $null) {
# Not every exception returns a StatusCode.
# If that is the case, return the Status.
$WebStatus = $Error[0].Exception.InnerException.Status
}
}
$Result = @{ Status = $WebStatus;
URL = $WebTarget}
$ScanObject = New-Object -TypeName PSObject -Property $Result
Write-Output $ScanObject
}
}
|