cr0hn · February 3, 2023 18:01
diff --git a/http-websocket-test.nse b/http-websocket-test.nse
 local shortport = require "shortport"
 local stdnse = require "stdnse"

 description = [[
 Detects whether the given server is running a WebSocket service on its root
 directory.
 ]]

 ---
 -- @usage
 -- nmap -p 80,443 --script http-websocket-test <target>
 --
 -- @output
 -- PORT     STATE  SERVICE
 -- 80/tcp   open   http
 -- |_http-websocket-test: Websocket detected (WebSocket++/0.2.1dev)

 author = "Original author: Jacek Wielemborek. Improved by: Daniel Garcia (cr0hn)"

 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

 categories = { "default", "discovery", "safe" }

 portrule = shortport.ssl
 portrule = shortport.http

 action = function(host, port)
 	local status, err, response
 	local socket = nmap.new_socket()

 	socket:connect(host.ip, port)
 	status, err = socket:send("GET / HTTP/1.1\r\n" ..
 	  "Upgrade: websocket\r\n" ..
 	  "Connection: Upgrade\r\n" ..
 	  "Host: " .. stdnse.get_hostname(host) .. "\r\n" ..
 	  "Sec-WebSocket-Key: AIRcKHNkSl6fYaPxjJgs+A==\r\n" ..
 	  "Sec-WebSocket-Version: 13\r\n\r\n")
 	status, response = socket:receive_bytes(0)

 	if response:find("Web Socket Protocol Handshake") or response:find("101 Switching Protocols") then
 	  total_len = string.len(response)
 	  st = string.find(response, "Server:")
 	  se = string.find(string.sub(response, st, total_len), "\r") - 1
 	  banner = string.sub(response, st + string.len("Server: "), st + se)

 	  return "Websocket detected (" .. banner .. ")"

 	end
 end
	local shortport = require "shortport"
	local stdnse = require "stdnse"

	description = [[
	Detects whether the given server is running a WebSocket service on its root
	directory.
	]]

	---
	-- @usage
	-- nmap -p 80,443 --script http-websocket-test <target>
	--
	-- @output
	-- PORT STATE SERVICE
	-- 80/tcp open http
	-- \|_http-websocket-test: Websocket detected (WebSocket++/0.2.1dev)

	author = "Original author: Jacek Wielemborek. Improved by: Daniel Garcia (cr0hn)"

	license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

	categories = { "default", "discovery", "safe" }

	portrule = shortport.ssl
	portrule = shortport.http

	action = function(host, port)
	local status, err, response
	local socket = nmap.new_socket()

	socket:connect(host.ip, port)
	status, err = socket:send("GET / HTTP/1.1\r\n" ..
	"Upgrade: websocket\r\n" ..
	"Connection: Upgrade\r\n" ..
	"Host: " .. stdnse.get_hostname(host) .. "\r\n" ..
	"Sec-WebSocket-Key: AIRcKHNkSl6fYaPxjJgs+A==\r\n" ..
	"Sec-WebSocket-Version: 13\r\n\r\n")
	status, response = socket:receive_bytes(0)

	if response:find("Web Socket Protocol Handshake") or response:find("101 Switching Protocols") then
	total_len = string.len(response)
	st = string.find(response, "Server:")
	se = string.find(string.sub(response, st, total_len), "\r") - 1
	banner = string.sub(response, st + string.len("Server: "), st + se)

	return "Websocket detected (" .. banner .. ")"

	end
	end