Nmap Development mailing list archives
Status Report #15 of 17
From: Joao Correa <joao () livewire com br>
Date: Tue, 4 Aug 2009 04:13:26 -0300
Accomplishments: - Finished some modularization improvements in HTTP - Many improvements in HTTP Pipelining: -- Transparently deal with servers that do not support pipelining -- Number of requests change dynamically depending on results received -- Fixed maximum number of simultaneous pipeline requests -- Implemented HEAD pipeline - Implemented sql-injection using pipeline and made comparison between both implementations* - Fixed a bug in sql-injection that leaded the script to discard positive results (due to 500 status code, internal server error not being considered a valid result) - Made possible to pass the maxdepth as argument to sql-injection - Applied pipelining to http-enum.nse Priorities: - Write a "pipeline aware" request function, that is able to handle with timeout and make better use of the open socket. - Check for new priorities on tomorrow's meeting * Indeed pipelining provided very good results. I've tested it with a small set of web applications so far, and, for the sql-injection.nse script, I could notice that the performance was not harmed by the pipeline when pipelining was not supported. With pipeline support I've noticed an amazing performance increase: A scan that usually takes 11804 secs (more than 1100 malicious requests) was done with only 2090 secs. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Status Report #15 of 17 Luis M. (Aug 03)
- <Possible follow-ups>
- Status Report #15 of 17 J Marlow (Aug 03)
- Re: Status Report #15 of 17 ithilgore (Aug 03)
- Re: Status Report #15 of 17 Patrick Donnelly (Aug 03)
- Re: Status Report #15 of 17 venkat sanaka (Aug 03)
- Re: Status Report #15 of 17 ithilgore (Aug 03)
- Status Report #15 of 17 Joao Correa (Aug 04)