Nmap Development mailing list archives
Re: [NSE] apache-userdir-enum
From: Ron <ron () skullsecurity net>
Date: Sat, 22 Aug 2009 19:48:23 -0500
On 08/22/2009 04:59 PM, jah wrote:
On 22/08/2009 22:41, Ron wrote:Since duplicating effort is always bad, maybe I'll make a http-helper.lua nselib (or maybe even add to http.lua?) the functions that let me do this, and document them. Then we can use those for both http-enum.nse and apache-userdir-enum. Let me know if you guys think it's a good idea and I'll go ahead and do it.Yes, good idea.
All right, r15233 contains an updated version of http-userdir-enum.nse that uses the logic I wrote (HEAD requests when possible, decent 200-page detection, etc).
Check it out and let me know what you think! I haven't done significant testing yet, since I don't have access to much unless I'm at work (at home I just use "-iR 1000" to find stuff, but I'm always paranoid I'll get in trouble :) ). That being said, it seems to work nicely against the stuff I DO have:
--$ ./nmap --script=http-enum,http-userdir-enum -p80 -T4 www.javaop.com
Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-22 19:47 CDT NSE: Script Scanning completed. Interesting ports on test.skullsecurity.org (208.81.2.52): PORT STATE SERVICE 80/tcp open http |_ http-userdir-enum: Potential Users: root, admin, test | http-enum: | /icons/ Icons and images | /robots.txt Robots file | /sw/auth/login.aspx Citrix WebTop | /images/outlook.jpg Outlook Web Access | /nfservlets/servlet/SPSRouterServlet/ netForensics |_ /nfservlets/servlet/SPSRouterServlet/ netForensics -- Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] apache-userdir-enum jah (Jul 12)
- Re: [NSE] apache-userdir-enum David Fifield (Jul 27)
- Re: [NSE] apache-userdir-enum jah (Jul 28)
- Re: [NSE] apache-userdir-enum David Fifield (Aug 08)
- Re: [NSE] apache-userdir-enum jah (Aug 10)
- Re: [NSE] apache-userdir-enum Fyodor (Aug 11)
- Re: [NSE] apache-userdir-enum jah (Aug 17)
- Re: [NSE] apache-userdir-enum jah (Jul 28)
- Re: [NSE] apache-userdir-enum David Fifield (Jul 27)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum jah (Aug 22)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Fyodor (Aug 23)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Sven Klemm (Jul 28)