Nmap Development mailing list archives
Re: Updates to http-enum.nse
From: Fyodor <fyodor () insecure org>
Date: Fri, 21 Aug 2009 23:47:39 -0700
On Fri, Aug 21, 2009 at 09:09:06AM -0500, Ron wrote:
I agree that the script should only show 200 by default, but give an option to show others. That makes sense. You're going to miss hidden folders, by by default Apache hides certain things so that kinda makes sense.
Sounds reasonable. If there are cases where we want to show other status codes, perhaps the signature line format could be modified to permit that.
Regarding including the status code, that is sort of an issue with the different purposes of Yokoso vs Nmap. Yokoso doesn't care what the status code is, but rather a binary: the user has been to the page, or the user hasn't. Nmap, on the other hand, cares of the page exists. I'm sure there must be a way to get the best of both worlds, of course -- maybe optional fields or something?
Good point.
Another serious issue involves inclusion of the Yokoso DB. You say:
It looks like they are OK with the Nmap license, so it is OK to put in as long as we note that permission (and I'd even suggest a link to http://seclists.org/nmap-dev/2009/q3/0685.html.
I think the best bet is to have multiple fingerprint files of the same format. Yokoso, defaults, extended, etc. Then the script can load whatever it sees fit.
That seems reasonable.
Is it ok if I commit what I have in http-enum.nse? I'll leave out the yokoso file for now, and provide instructions to download it. I strongly suspect that the current http-enum.nse works at least as well as the previous version.
That sounds fine to me. It sounds like you've already tested it quite a bit. The Yokoso file is now fine from a copyright perspective (subject to ther permissions text being added). However, it sounds like some of the improvements we've discussed may be warranted before inclusion of that part. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Updates to http-enum.nse Ron (Aug 20)
- Re: Updates to http-enum.nse Fyodor (Aug 21)
- Re: Updates to http-enum.nse Ron (Aug 21)
- Re: [Yokoso-devel] Updates to http-enum.nse Kevin Johnson (Aug 21)
- Re: [Yokoso-devel] Updates to http-enum.nse Fyodor (Aug 22)
- Re: Updates to http-enum.nse Fyodor (Aug 22)
- Re: Updates to http-enum.nse Ron (Aug 22)
- Re: Updates to http-enum.nse Ron (Aug 22)
- Re: Updates to http-enum.nse Fyodor (Aug 22)
- Re: Updates to http-enum.nse Ron (Aug 21)
- Re: Updates to http-enum.nse Fyodor (Aug 21)
- Re: Updates to http-enum.nse David Fifield (Aug 23)
- Re: Updates to http-enum.nse Ron (Aug 23)