Nmap Development mailing list archives
Re: [NSE] [patch] Big changes to http-enum.nse
From: Ron <ron () skullsecurity net>
Date: Sun, 17 Oct 2010 11:22:55 -0500
On Sun, 17 Oct 2010 17:49:48 +0200 Patrik Karlsson <patrik () cqure net> wrote:
Well, sorry for being so problem oriented but I thought of one more thing. With the current design it's easy and flexible to discover applications that use their default URLs like e.g. /mediawiki. However, a webmail app may use a URL like /webmail, /mail or even /. In this case a matchline for e.g. OWA would need to be duplicated for each alternative. In order to address this I only see the option of separating the probes from the matches and first running all the probes, then doing all the matching. Maybe I'm missing an obvious solution to this or trying to fit something into the script that is not supposed to go there.
We're thinking of the problem in different ways, and that's good. You're seeing limitations that I totally missed. Although I was hoping to keep this inter-compatible with Nikto, there are definitely too many limitations to that format. We need more flexible metadata with each fingerprint.

The easiest way to do this would be the way other configuration files have worked: write it as a Lua file. Then we can simply define a table, and create each check as such. That way, we can give an array of URLs, an array of find->display, and other features we can't with the simple .csv format we're using now. That could eliminate the need for the http-directories files, too, because we could add a field to indicate a common directory.

So, to take an initial stab at it, and to use a totally fake match string, how's this look?

-- Possible fields:
-- path (string or array)
-- verb (optional; default: 'GET')
-- matches (an array, ordered by how they'll be checked)
--   -> include (optional; default, include all)
--   -> exclude (optional; default, exclude none)
--   -> output
-- ignore_404 (optional; default: false)
-- severity (1 = info, 5 = critical) (optional; default: 1)
table.insert(fingerprints, {
  path='/phpmyadmin/',
  verb='GET',
  matches={
    -- \1 in output stands for the first capture of 'match'
    {match='PhpMyAdmin (.*)', output='Found PhpMyAdmin version \\1'},
    {output='Found PhpMyAdmin, unknown version'}
  },
  ignore_404=false,
  severity=3
})

I think that'll cover all your comments, as well as making life easy for me, especially because I don't have to worry about parsing a file. As an added bonus, instead of defining a static array, I can make a fingerprint file that knows how to read a Nikto file and builds that table. So really, it's win-win. We can leverage Nikto, but also have an extendable format.

Thoughts?
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
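An added illustration (my own, not Ron's patch or http-enum.nse code) of how the proposed table format could be evaluated: `path` as an array of alternative URLs (Patrik's /webmail vs /mail case), `matches` checked in order with the first hit winning, and `\1` replaced by the first capture; the function names and the canned responses are assumptions.

```lua
-- Added illustration, not Ron's patch: a tiny evaluator for the proposed
-- table format. `fingerprints`, `match_body`, `paths_of` and the sample
-- responses below are assumed/constructed names, not http-enum.nse's own.
local fingerprints = {}
-- `path` may be a string or an array of alternatives; `matches` is checked in
-- order, first hit wins; an entry without `match` is a catch-all for non-404s.
table.insert(fingerprints, {
  path = { '/phpmyadmin/', '/pma/' },
  verb = 'GET',
  matches = {
    { match = 'phpMyAdmin (%d+%.%d+%.%d+)', output = 'Found phpMyAdmin version \\1' },
    { output = 'Found phpMyAdmin, unknown version' },
  },
  ignore_404 = false,
  severity = 3,
})

-- Normalise `path` to an array so callers can iterate uniformly.
local function paths_of(fp)
  if type(fp.path) == 'table' then return fp.path end
  return { fp.path }
end

-- Apply the ordered match list to one response. Returns the output line for
-- the first matching entry, with "\1" replaced by the first capture, or nil.
local function match_body(fp, status, body)
  if status == 404 and not fp.ignore_404 then return nil end
  for _, m in ipairs(fp.matches) do
    if m.match == nil then return m.output end
    local capture = string.match(body, m.match)
    if capture then
      -- function replacement keeps any '%' in the capture literal
      return (string.gsub(m.output, '\\1', function() return capture end))
    end
  end
  return nil
end

-- Constructed responses standing in for http.get() results, keyed by path.
local sample = {
  ['/phpmyadmin/'] = { status = 404, body = 'Not Found' },
  ['/pma/']        = { status = 200, body = '<title>phpMyAdmin 3.3.7</title>' },
}
for _, fp in ipairs(fingerprints) do
  for _, p in ipairs(paths_of(fp)) do
    local r = sample[p]
    local out = r and match_body(fp, r.status, r.body)
    if out then print(p .. ' (severity ' .. fp.severity .. '): ' .. out) end
  end
end
```

With the constructed responses, only /pma/ reports, as "Found phpMyAdmin version 3.3.7"; the 404 on /phpmyadmin/ is skipped because ignore_404 is false.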