Nmap Development mailing list archives
Re: Web crawling library proposal
From: Patrik Karlsson <patrik () labb1 com>
Date: Wed, 19 Oct 2011 22:02:57 -0400
Hey Paulino,

Nice work. I spotted a few things when running the http-email-harvest. First, it didn't finish even though I let it run for a LONG time, not sure why really, will let you know once I find out more.

I noticed that it actually downloaded a lot of zip files off from the web site, these should probably be blacklisted for this particular script.

Also, from what I could see in the debug messages the script didn't seem to chop off anchor links, treating the following as two different urls:

http://site/app/page.suffix
http://site/app/page.suffix#anchor

Cheers,
Patrik

On Wed, Oct 19, 2011 at 3:25 AM, Paulino Calderon <paulino () calderonpale com> wrote:
Hi list,

I'm attaching my working copies of the web crawling library and a few scripts that use it. It would be great if I can get some feedback. All the documentation is here: https://secwiki.org/w/Nmap/Spidering_Library

I'm including 3 scripts using the library:

* http-sitemap - Returns a list of URIs found. (Useful for target enum)
* http-phpselfxss-scan - Returns a list of PHP files vulnerable to Cross Site Scripting via infecting the variable $_SERVER["PHP_SELF"].
* http-email-harvest - Returns a list of the email accounts found in the web server.

NSE scripts would start a crawling process and then get a list of URIs to be processed as the programmer wishes. For example if we wanted to write a script to look for backup files we could simply do:

  httpspider.crawl(host, port)
  local uris = httpspider.get_sitemap()
  local results = {}
  for _, uri in pairs(uris) do
    local obj = http.get(uri .. ".bak")
    if page_exists(obj and other params...) then
      results[#results+1] = uri
    end
  end

There is still work to be done since spidering can be as complex as we want but I wanted to get an idea of what are the most important things to add to my TODO list for the following days.

I've also setup a vulnerable application that you are free to scan: http://calder0n.com/sillyapp/

nmap -p80 --script http-sitemap,http-email-harvest,http-phpselfxss-scan --script-args httpspider.path=/sillyapp/ calder0n.com

nmap -p80 --script http-phpselfxss-scan,http-email-harvest,http-sitemap --script-args httpspider.path=/sillyapp/ calder0n.com

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-10-19 00:13 PDT
Nmap scan report for calder0n.com (173.45.233.210)
Host is up (0.14s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-email-harvest:
|   info () domain com
|_  nmap-dev () insecure org
| http-sitemap: URIs found:
|   http://calder0n.com/sillyapp/secret/2.php
|   http://calder0n.com/sillyapp/index.php
|   http://calder0n.com/sillyapp/
|   http://calder0n.com/sillyapp/secret/1.php?hola=1
|   http://calder0n.com/sillyapp/one.php
|   http://calder0n.com/sillyapp/1.php
|   http://calder0n.com/sillyapp/two.php
|_  http://calder0n.com/sillyapp/three.php
| http-phpselfxss-scan: Vulnerable files:
|   http://calder0n.com/sillyapp/secret/2.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
|   http://calder0n.com/sillyapp/1.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E
|_  http://calder0n.com/sillyapp/three.php/%27%22/%3E%3Cscript%3Ealert(1)%3C/script%3E

Cheers!
--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
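The two crawler issues Patrik reports above, fragment-only links being queued as distinct URLs and zip files being downloaded, as an added Lua illustration that is not code from the thread or from the httpspider library; all function and table names here are assumptions, not the library's API.

```lua
-- Added example: canonicalize discovered links before queueing them.
-- Names (BLACKLISTED_EXT, should_crawl, ...) are assumptions for
-- illustration, not part of httpspider.

-- Extensions a text-oriented crawler (e.g. http-email-harvest) should skip.
local BLACKLISTED_EXT = { zip = true, gz = true, tgz = true, pdf = true,
                          exe = true, jpg = true, png = true, gif = true }

-- Drop the "#anchor" part: a fragment is never sent to the server, so
-- page.suffix and page.suffix#anchor fetch the same resource.
local function strip_fragment(url)
  return (url:gsub("#.*$", ""))
end

-- Extension of the path component only (query and fragment ignored),
-- or nil when the URL has no path or the last segment has no extension.
local function path_extension(url)
  local path = url:match("^%a+://[^/]+(/[^?#]*)") or ""
  return path:match("%.(%w+)$")
end

-- Returns the canonical URL to fetch, or nil plus a reason to skip it.
-- 'seen' is the crawler's set of already-queued canonical URLs.
local function should_crawl(url, seen)
  local canonical = strip_fragment(url)
  local ext = path_extension(canonical)
  if ext and BLACKLISTED_EXT[ext:lower()] then
    return nil, "blacklisted extension: " .. ext
  end
  if seen[canonical] then
    return nil, "already queued"
  end
  seen[canonical] = true
  return canonical
end

-- Constructed links mirroring the cases from the report.
local seen = {}
local links = {
  "http://site/app/page.suffix",
  "http://site/app/page.suffix#anchor",   -- same page, must be skipped
  "http://site/app/archive.zip",          -- blacklisted download
  "http://site/app/page.suffix?x=1#top",  -- different query, so a new URL
}
for _, link in ipairs(links) do
  local url, why = should_crawl(link, seen)
  print(link, url or ("skip (" .. why .. ")"))
end
```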