I recently had a need for a Drupal fingerprint NSE script for an engagement. Through some research I stumbled upon a promising NSE Lua script to get the job done. Unfortunately, it seems like the author ceased the support for this script and the script was never officially incorporated into the Nmap NSE library. I decided to try and use the script anyways.
Upon attempting to run the script via the Nmap engine, I encountered an "invalid escape sequence" error. Not possessing any Lua programming experience, this error stopped me dead in my tracks. I am hoping someone with Lua experience would be able to help troubleshoot what looks like may be a pretty simple fix to the problem.
The error code is as follows:
[email protected]:~# nmap --script=http-drupal-fingerprint.nse --script-args http-drupal-fingerprint.base-url=/ www.placeholder.com Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-26 12:33 EDT NSE: failed to initialize the script engine: /usr/bin/../share/nmap/nse_main.lua:259: /usr/bin/../share/nmap/scripts/http-drupal-fingerprint.nse:47: invalid escape sequence near '"Drupal [4-7].' stack traceback: [C]: in function 'assert' /usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript' /usr/bin/../share/nmap/nse_main.lua:601: in field 'new' /usr/bin/../share/nmap/nse_main.lua:828: in local 'get_chosen_scripts' /usr/bin/../share/nmap/nse_main.lua:1315: in main chunk [C]: in ? QUITTING!
The script was imported into the NSE library as so:
curl -ksL https://raw.githubusercontent.com/r3dh4nds/NSE-Drupal-Fingerprint/master/http-drupal-fingerprint.nse >> /usr/share/nmap/scripts/http-drupal-fingerprint.nse && chmod 0644 /usr/share/nmap/scripts/http-drupal-fingerprint.nse
I am including the original source of the script from SecLists: https://seclists.org/nmap-dev/2011/q2/490
Any help much appreciated! (Sorry if this question is somehow not formatted correctly, first post)securityluanmapnse
As I suspected it was a simple fix. Removed the invalid escape sequences at:
local expression = "Drupal [4-7]\.[0-9][0-9]?\.?[0-9], "
local expression = "Drupal [4-7].[0-9][0-9]?.?[0-9], "
and got rid of that error.
Drupal detection in Nmap is now done with the http-enum script. You can add
--script-args http-enum.category=cms to limit the number of enumeration probes sent to only those which would detect Drupal. You may also be interested in the http-drupal-enum and http-drupal-enum-users scripts, as well as http-form-brute which can brute-force Drupal authentication.