Nmap Development mailing list archives
Re: [NSE] [patch] Big changes to http-enum.nse
From: Ron <ron () skullsecurity net>
Date: Sun, 17 Oct 2010 13:52:27 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know I replied to this email earlier, but I don't see it in my inbox or the nmap-dev info page which is kind of odd. In any case, I decided to go back and re-think the database file design a lot. Now, it's a .lua file. Each entry is a table with the following fields: - -- Possible fields: - -- path (string or array) - -- verb (optional; default: 'GET') - -- array of matches (order that they'll be checked) - -- -> include (optional) - -- -> don't include (optional) - -- -> output - -- ignore_404 (optional; default: false) - -- severity (1 = info, 5 = critical) (optional; default: 1) For example: table.insert(fingerprints, { path='/phpmyadmin/', verb='GET' matches={ {match='PhpMyAdmin (.*)', output='Found PhpMyAdmin version \1'}, {output='Found PhpMyAdmin, unknown version'} }, ignore_404=false severity=3} ) I don't have any good checks yet, just basic file checks, but that's how it could potentially look. You can have as many entries in the 'match' table as you want. I'm attaching my fingerprint database converted to .lua format. I haven't commented it yet or written the code to read it, but I think this is a good mix of everything we're looking for. Thoughts? Ron -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAky7Re8ACgkQ2t2zxlt4g/Ta9ACglBF+l00l7/EeMFBts481zBNF UlAAnjrhVZHbIiExggtqmL5pImEALnq2 =ADiE -----END PGP SIGNATURE-----
Attachment:
http-fingerprints.lua
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] [patch] Big changes to http-enum.nse Ron (Oct 16)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 18)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 18)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 18)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrick Donnelly (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 21)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)