Nmap Development mailing list archives
Re: [NSE] http-verb-tamper
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 8 Nov 2011 23:11:09 +0100
On Tue, Nov 8, 2011 at 8:41 AM, Hani Benhabiles <kroosec () gmail com> wrote:
Yes I the same, because we could also add/change vulnerabilities that are checked by default later. On Tue, Nov 8, 2011 at 6:18 AM, David Fifield <david () bamsoftware com>wrote:On Mon, Nov 07, 2011 at 01:52:10PM +0100, Hani Benhabiles wrote:Attached is the updated version: Renamed to http-method-tamper Accepts the script argument http-method-tamper.paths as an array. Defaults to {"/jmx-console/"} It also supports detecting cases where no authentication is required for jmx console which is the default configuration (and common as a searchonshodanhq or using a Google dork shows.)Ptrik asked whether this script should be called http-method-tamper or names after the CVE number. I think it should be http-method-tamper. My thinking is that we can add other paths to the default list if more of them are discovered. David Fifield-- M. Hani Benhabiles Blog: http://kroosec.blogspot.com Twitter: @kroosec
Hani, Thank's for the contribution! I committed a slightly modified script as r27029. The changes I made were: * If the script argument is a string it's converted to a table * If authentication is not required it's always reported, not only for the jmx-console path. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-verb-tamper Hani Benhabiles (Nov 04)
- Re: [NSE] http-verb-tamper Patrik Karlsson (Nov 04)
- Re: [NSE] http-verb-tamper Hani Benhabiles (Nov 04)
- Re: [NSE] http-verb-tamper David Fifield (Nov 06)
- Re: [NSE] http-verb-tamper Hani Benhabiles (Nov 07)
- Message not available
- Message not available
- Re: [NSE] http-verb-tamper Patrik Karlsson (Nov 08)
- Re: [NSE] http-verb-tamper Djalal Harouni (Nov 09)
- Re: [NSE] http-verb-tamper Hani Benhabiles (Nov 04)
- Re: [NSE] http-verb-tamper Patrik Karlsson (Nov 04)