Nmap Development mailing list archives
Re: [NSE] New httpspider library and http-email-harvest script
From: Martin Holst Swende <martin () swende se>
Date: Thu, 08 Dec 2011 13:43:09 +0100
On 12/06/2011 11:50 PM, Patrik Karlsson wrote:
Hi all, I've just committed (r27349) a httpspidering library inspired by Paulino's previous work. The script http-email-harvest is the first script that makes us of it and collects e-mail addresses from spidered web content. Comments and feedback are, as always, welcome. Cheers, Patrik
Cool, Would it be possible to have a prerule script which modifies the http-library to enable 'sniffing' of different things, such as email. Consider the following: nmap --script http-grep, http-enum --script-args http-grep.harvest="email,stacktraces,plaintext_login,cookienames, serverbanners" <target> For that to work, the http-grep would have to monkeypatch the http library and add a couple of 'greppers' which would analyse all http responses before they are passed to http-enum. Then we could add a bunch of greppers which would be very simple to implement and could be used anytime http is used, and leverage existing http-scripts. The email-harvest script could be replaced by nmap --script http-grep, http-spider --script-args http-grep.harvest="email" <target> Is it at all possible for a pre-rule script to do this? Would it make sense? /Martin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New httpspider library and http-email-harvest script Patrik Karlsson (Dec 06)
- Re: [NSE] New httpspider library and http-email-harvest script Martin Holst Swende (Dec 08)
- Re: [NSE] New httpspider library and http-email-harvest script Djalal Harouni (Dec 08)
- Re: [NSE] New httpspider library and http-email-harvest script Martin Holst Swende (Dec 08)
- Re: [NSE] New httpspider library and http-email-harvest script Djalal Harouni (Dec 08)
- Re: [NSE] New httpspider library and http-email-harvest script Martin Holst Swende (Dec 08)