Index: scripts/http-redfish-query.nse
===================================================================
--- scripts/http-redfish-query.nse (nonexistent)
+++ scripts/http-redfish-query.nse (working copy)
@@ -0,0 +1,53 @@
+local comm = require "comm"
+local nmap = require "nmap"
+local http = require "http"
+local json = require "json"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+This script will detect if a web server is running the Redfish v1 protocol.
+DMTF's Redfish is a standard designed to deliver simple and secure management for converged, hybrid IT and the Software Defined Data Center (SDDC). Both human readable and machine capable, Redfish leverages common Internet and web services standards to expose information directly to the modern tool chain
+https://redfish.dmtf.org/
+
+This script borrowed output ideas from the http-hp-il0-info script.
+]]
+---
+--@usage nmap --script http-redfish-query -p 80,443
+--
+--@args
+-- n/a
+--
+--@output
+--| http-redfish-query:
+--| Product: ProLiant ML110 Gen10
+--| Vendor: HPE
+--| RedfishVersion: 1.6.0
+--| Name: HPE RESTful Root Service
+
+author = "Sean Warnock"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"default", "discovery"}
+
+portrule = shortport.portnumber({80,443}, "tcp")
+
+action = function(host, port)
+ local jsonresponse
+ local path = "/redfish/v1" --\r\n"
+ local response = http.get(host,port,path)
+ local info = stdnse.output_table()
+--
+-- Parse result and confirm if there is a JSON response.
+-- Currently we automatically assume if there is a JSON responses
+--
+ status, jsonresponse = json.parse(response.body)
+ if status then
+ info['Product'] = jsonresponse.Product
+ info['Vendor'] = jsonresponse.Vendor
+ info['RedfishVersion'] = jsonresponse.RedfishVersion
+ info['Name'] = jsonresponse.Name
+ return info
+ else
+ return
+ end
+end
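Review bot: The `action` function treats any body that parses as JSON as a Redfish service root, so a server that answers `/redfish/v1` with an unrelated JSON document (a JSON error page, for instance) is reported as Redfish with empty fields, which matters for a script placed in the `default` category. `response.body` is also handed to `json.parse` without first checking that the request returned a body, and `status` is assigned without `local`, so it becomes a script-level global. Because the decoded value comes from the remote host, confirm it is a table carrying `RedfishVersion` before copying any field into the output. The `comm` and `nmap` requires are unused in the visible code and can be dropped.

```lua
 local response = http.get(host,port,path)
 -- … unchanged: info = stdnse.output_table() …
 if not (response and response.body) then
   return nil
 end
 local status, jsonresponse = json.parse(response.body)
 -- Require the Redfish service-root shape, not just any JSON document.
 if not status or type(jsonresponse) ~= "table"
     or jsonresponse.RedfishVersion == nil then
   return nil
 end
 -- … unchanged: copy Product, Vendor, RedfishVersion, Name into info and return it …
```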