Nmap Development mailing list archives
Re: [NSE] apache-userdir-enum
From: Ron <ron () skullsecurity net>
Date: Sat, 22 Aug 2009 16:41:10 -0500
On 07/28/2009 08:10 PM, jah wrote:
> The reason I didn't go for HEAD requests is mainly due to some server configurations which result in different responses for HEAD and GET requests for the same resource (without regard for the HTTP standard). It would be possible to test whether a server responds incorrectly for a HEAD request for a single resource and then to make an assumption about how it will handle requests for other resources, but I think it's safer (and less hassle) not to bother. There also seems to be very little difference in speed when making HEADs compared to GETs - I've only done limited testing in this regard, but what I have done has resulted in less than 1% difference and not always in favour of HEADs.
http-enum.nse has a good way of automatically determining if HEAD is enabled, as well as ways to detect custom 404 pages that show up as 200 and other tricks.
Since duplicating effort is always bad, maybe I'll make a http-helper.lua nselib (or maybe even add to http.lua?) the functions that let me do this, and document them. Then we can use those for both http-enum.nse and apache-userdir-enum. Let me know if you guys think it's a good idea and I'll go ahead and do it.
One little change I'd request, though -- would it make more sense to call it http-userdir-enum.nse? I totally missed your script earlier because I was looking for http-* scripts (I thought about it today when I was looking at DirBuster stuff and found their list of their 10,000-most-common userdirs).
On a side note, it might be worth documenting how to use DirBuster's list in place of the built-in one. It'd be significantly longer, but the DirBuster list is ordered by frequency so it could be chopped to the top 1000 or whatever pretty easily. It might even be worth seeing if they'd contribute their lists to Nmap. The lists are licensed under "Creative Commons Attribution-Share Alike 3.0 License" (http://creativecommons.org/licenses/by-sa/3.0/), not sure if that's compatible.
Ron

--
Ron Bowes
http://www.skullsecurity.org/
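The two checks discussed in this message (whether HEAD can be trusted to match GET, and whether "not found" pages come back as 200) can be expressed as a baseline built from four probe responses. This is an added example, not code from http-enum.nse, apache-userdir-enum or the thread; the function names, the `Response` record and the sample responses in the comments are constructed, and Python is used here only so the logic can be run stand-alone.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Response:          # constructed stand-in for an HTTP response
    path: str
    status: int
    body: bytes = b""    # always empty for HEAD

@dataclass(frozen=True)
class Baseline:
    method: str                  # request method to use for later probes
    soft_404: bool               # server answers 200 for missing resources
    missing_fp: Optional[str]    # fingerprint of the "not found" page, if soft

def fingerprint(resp: Response) -> str:
    # Drop the echoed request path so that two error pages generated for
    # different paths hash to the same value.
    stripped = resp.body.replace(resp.path.encode(), b"")
    return hashlib.sha256(stripped).hexdigest()

def build_baseline(head_known: Response, get_known: Response,
                   head_missing: Response, get_missing: Response) -> Baseline:
    # HEAD is trusted only if its status matches GET both for a resource
    # known to exist and for a random path known not to exist.
    head_ok = (head_known.status == get_known.status
               and head_missing.status == get_missing.status)
    soft_404 = get_missing.status == 200
    # A soft 404 can only be told apart by its body, which HEAD never returns.
    method = "HEAD" if head_ok and not soft_404 else "GET"
    missing_fp = fingerprint(get_missing) if soft_404 else None
    return Baseline(method, soft_404, missing_fp)

def resource_exists(baseline: Baseline, resp: Response) -> bool:
    # Assumption of this sketch: only a 200 counts as "present".
    if resp.status != 200:
        return False
    if baseline.soft_404:
        return fingerprint(resp) != baseline.missing_fp
    return True
```

An exact hash of the error page is the simplest comparison; pages that embed timestamps or request IDs would need a looser similarity measure.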