Script for parsing Apache server-status page

[EricGershman]

server-status NSE Script

The Apache mod_status module is used to monitor the performance and activity of an Apache web server. The http-apache-server-status.nse script detects the existence of an Apache mod_status server-status page and attempts to parse useful information such as the Apache version and recent HTTP requests.

Examples

http-apache-server-status.nse running against Ubuntu 15.04 with Apache2 installed:

$ sudo a2enmod status && sudo systemctl restart apache2
Enabling module status.
To activate the new configuration, you need to run:
  service apache2 restart
$ nmap -p 80 --script http-apache-server-status.nse example.com

Starting Nmap 7.01SVN ( https://nmap.org ) at 2016-03-12 23:55 UTC
Nmap scan report for example.com (127.0.1.1)
Host is up (0.00011s latency).
rDNS record for 127.0.1.1: www.example.com
PORT   STATE SERVICE
80/tcp open  http
| http-apache-server-status: 
|   Heading: Apache Server Status for example.com (via 127.0.1.1)
|   Server Version:  Apache/2.4.12 (Ubuntu)
|   Server Built:  Jul 24 2015 15:59:00
|   Server Uptime:   10 seconds
|   Server Load:  0.00 0.01 0.05
|   Requests: 
|_    www.example.com:80    GET /server-status HTTP/1.1

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

An example with the status module disabled:

$ sudo a2dismod status && sudo systemctl restart apache2
Module status disabled.
To activate the new configuration, you need to run:
  service apache2 restart
$$ nmap -p 80 --script http-apache-server-status.nse example.com

Starting Nmap 7.01SVN ( https://nmap.org ) at 2016-03-12 23:57 UTC
Nmap scan report for example.com (127.0.1.1)
Host is up (0.00011s latency).
rDNS record for 127.0.1.1: www.example.com
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds

$ nmap -d -p 80 --script http-apache-server-status.nse example.com | grep Fail
NSE: [http-apache-server-status 127.0.1.1:80] Failed to retrieve: /server-status

An example of the status module disabled with a non-mod_status page hosted at /server-status:

$ sudo cp /var/www/html/index.html /var/www/html/server-status
$ sudo chown www-data:www-data /var/www/html/server-status 
$ nmap -p 80 --script http-apache-server-status.nse example.com

Starting Nmap 7.01SVN ( https://nmap.org ) at 2016-03-05 19:40 UTC
Nmap scan report for example.com (127.0.1.1)
Host is up (0.00011s latency).
rDNS record for 127.0.1.1: www.example.com
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
$ nmap -d -p 80 --script http-apache-server-status.nse example.com | grep mod_status
NSE: [http-apache-server-status 127.0.1.1:80] /server-status does not appear to be a mod_status page

References

• http://httpd.apache.org/docs/2.4/mod/mod_status.html
• https://blog.sucuri.net/2012/10/popular-sites-with-apache-server-status-enabled.html
• https://www.exploit-db.com/ghdb/1355/
• https://github.com/michenriksen/nmap-scripts

[fgeek]

Acked-by: Henri Salo henri@nerv.fi
👍

[dmiller-nmap]

Thanks, awesome! I reduced the requests part to just the VHosts, and added extraction of the Apache version in subsequent commits. Glad to have your contribution!

[EricGershman]

@dmiller-nmap Thanks for all your help, the improvements look great!