Nmap Development mailing list archives
Re: [NSE] Patch for http-fingerprints and http-auth
From: Hani Benhabiles <kroosec () gmail com>
Date: Sun, 18 Dec 2011 21:40:00 +0100
Add this Silverlight fingerprint while you're at it. :) Cheers, Hani On Sun, Dec 18, 2011 at 8:31 PM, Patrik Karlsson <patrik () cqure net> wrote:
On Sun, Dec 18, 2011 at 7:18 PM, Duarte Silva <duarte.silva () serializing me>wrote:Hi, added fingerprints for Apache Archiva and to some variations ofdirectoriesrelated with source code repositories. Also added path and hostname arguments to http-auth (after running http-enum I wanted to check authenticated resources that weren't in the '/' path). Regards, Duarte Silva _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/Thanks Duarte, I committed the fingerprints and the changes I mentioned in http-auth the other day. They already had the path argument added and most of your changes. I was a bit unsure of the request options though. As far as I can tell, the header "Connection: close" was already being sent and didn't need to be added. In regards to the hostname argument, the http library already solves this by checking the name specified as target. So if you specify scanme.nmap.org as a target, the host header will be set with that name. The only case that I can see where the hostname argument could be useful is for hostnames that don't resolve. So I'm not sure if we should add that argument or not? Please have a look at (and test, if possible) the current http-auth to see whether it suits your needs. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- M. Hani Benhabiles Blog: http://kroosec.blogspot.com Twitter: kroosec <https://twitter.com/#%21/kroosec>
Attachment:
http-fingerprints.lua.silverlight
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Patch for http-fingerprints and http-auth Duarte Silva (Dec 18)
- Re: [NSE] Patch for http-fingerprints and http-auth Patrik Karlsson (Dec 18)
- Re: [NSE] Patch for http-fingerprints and http-auth Hani Benhabiles (Dec 18)
- Re: [NSE] Patch for http-fingerprints and http-auth Duarte Silva (Dec 19)
- Re: [NSE] Patch for http-fingerprints and http-auth Patrik Karlsson (Dec 19)
- Re: [NSE] Patch for http-fingerprints and http-auth Duarte Silva (Dec 19)
- Re: [NSE] Patch for http-fingerprints and http-auth Patrik Karlsson (Dec 18)