Nmap Development mailing list archives
Re: [NSE] apache-userdir-enum
From: Fyodor <fyodor () insecure org>
Date: Tue, 11 Aug 2009 00:45:07 -0700
On Tue, Aug 11, 2009 at 02:34:51AM +0100, jah wrote:
> I've committed the script. With version detection the portrule will limit script execution to Apache, Lighttpd, Nginx and anything with version info field matching 'based on apache'. Without version detection, the script will run against http(s) and http(s)-alt services. This, of course, can be changed in the future if need be. I've categorised the script as 'discovery' only and updated script.db.
Thanks Jah! I like this script, though IMHO the version detection bit is over-optimizing. If it only worked against one obscure server, there would be a lot of efficiency gain in restricting execution to that server. But given that the allowed list likely includes more than half the web servers on the Internet already, the restriction has a smaller benefit compared to the confusion it can cause when a script refuses to run just because of the "Server: " string.

Also, you never know what servers will support this behavior. Here is a plugin for supporting ~username on IIS:

http://brentp.net/2008/04/06/iis-isapi-plugin-support-for-user-home-directories/

Cheers,
-F