Nmap Development mailing list archives

Re: http-vhosts.nse ready for beta


From: David Fifield <david () bamsoftware com>
Date: Mon, 29 Nov 2010 12:04:37 -0800

On Tue, Nov 16, 2010 at 05:17:05PM -0800, Carlos Pantelides wrote:
> Hi:
>
> Following the advice of Martin about portrule and the hints from
> Patrick about unpwdb, I have done very drastic adjustments that
> include unpwdb.lua too. I know that it is not a precise indicator, but
> 235 lines down to 138 obtaining the same results, seems ok.
>
> I would greatly appreciate any feedback.

Thank you for working on this script. Let me apologize if I was unclear
before. You've made the script and patch more complicated, but I prefer
that you make it simpler. Even if some of the features are useful and
interesting, I'm not convinced that they are worth extra complexity.
What I'd like to do is commit a very simple version of the script, and
then add features as they are shown to be useful.

To be specific, these are the changes I want you to make.

1. Embed the list of hostnames inside the script as a big array. Remove
   hostnames.lst and the hostnamesdb script argument. So far this is the
   only script that needs them; if other scripts need them in the future
   we can break them out into a data file. I don't want any changes to
   unpwdb.lua. (I'm not saying your changes to unpwdb.lua are a bad
   idea, just that I don't want them as a side effect of including this
   script.)

2. Change the portrule to be
     portrule = shortport.http
   Remove the http-vhosts.service argument. Again, I'm not saying that's
   a bad idea, just that I'm not convinced it's useful and I would
   prefer to handle it separately from the core of the script. After all,
   if it's good for this script we may want it for all the http scripts.

3. Don't modify host.targetname. When I comment that out and just use
   the Host header as you have already implemented, it works fine.

     targetname = makeTargetName(name , domain)
     response = response .. string.format("http-vhosts: %s(%s)://%s(%s)%s %s: ",port.service,port.number, host.targetname, host.ip, resource, targetname)
     http_response = http.head(host, port, resource, {header={Host=targetname}})

   631/tcp  open  ipp       syn-ack
   | http-vhosts:
   | http-vhosts: ipp(631)://localhost(127.0.0.1)/ www.localhost: 200
   |_http-vhosts: ipp(631)://localhost(127.0.0.1)/ www2.localhost: 200

4. Change the name of the http-vhosts.resource script argument to
   http-vhosts.path.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
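
The four requested changes, put together in one minimal NSE script as an added example (this is not the script posted in this thread, nor any version committed to Nmap). The prefix list is a constructed sample, and taking the domain from host.targetname or host.name is an assumption.

```lua
-- Added illustration of the four review points; not the script from this thread.
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Requests one path with a series of Host headers built from an embedded
list of name prefixes and reports the HTTP status code for each.
]]
author = "added example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery"}

-- Point 2: the stock HTTP port rule, with no per-script service argument.
portrule = shortport.http

-- Point 1: names live in the script itself (constructed sample list,
-- standing in for the contents of hostnames.lst).
local PREFIXES = { "www", "www2", "mail", "dev", "test" }

action = function(host, port)
  -- Point 4: the script argument is called http-vhosts.path.
  local path = stdnse.get_script_args("http-vhosts.path") or "/"

  -- Assumption: the domain is the name the target was specified with.
  local domain = host.targetname or host.name
  if not domain or domain == "" then
    return nil
  end

  local lines = {}
  for _, prefix in ipairs(PREFIXES) do
    local vhost = prefix .. "." .. domain
    -- Point 3: host.targetname is only read, never assigned; the candidate
    -- name travels in the Host header of the request.
    local response = http.head(host, port, path, { header = { Host = vhost } })
    local status = response and response.status or "no response"
    lines[#lines + 1] = string.format("%s: %s", vhost, status)
  end
  return "\n" .. table.concat(lines, "\n")
end
```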