Nmap Development mailing list archives

Re: [NSE] apache-userdir-enum


From: Fyodor <fyodor () insecure org>
Date: Tue, 11 Aug 2009 00:45:07 -0700

On Tue, Aug 11, 2009 at 02:34:51AM +0100, jah wrote:
> I've committed the script.  With version detection the portrule will
> limit script execution to Apache, Lighttpd, Nginx and anything with
> version info field matching 'based on apache'.  Without version
> detection, the script will run against http(s) and http(s)-alt
> services.  This, of course, can be changed in the future if need be.
>
> I've categorised the script as 'discovery' only and updated script.db.

Thanks Jah!  I like this script, though IMHO the version detection bit
is over-optimizing.  If it only worked against one obscure server,
there would be a lot of efficiency gain in restricting execution to
that server.  But given that the allowed list likely includes more
than half the web servers on the Internet already, the restriction has
a smaller benefit compared to the confusion it can cause when a script
refuses to run just because of the "Server: " string.  Also, you never
know what servers will support this behavior.  Here is a plugin for
supporting ~username on IIS:

http://brentp.net/2008/04/06/iis-isapi-plugin-support-for-user-home-directories/

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

