Nmap Development mailing list archives
Re: [NSE] Two new scripts url-snarf, http-auth-finder
From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 29 Jan 2012 15:34:06 +0000
On Sunday 29 January 2012 16:22:07 Patrik Karlsson wrote:
On Sun, Jan 29, 2012 at 3:27 PM, Duarte Silva <duarte.silva () serializing me>wrote:On Sunday 29 January 2012 09:26:34 Patrik Karlsson wrote:Hi all, I've committed two new scripts: url-snarf: Sniffs the network for urls in HTTP traffic and dumps them together with their originating IP http-auth-finder: Spiders a site and detects web pages requiring HTTP- or form-based authentication. Comments and feedback is welcome. Cheers, //PatrikHi Patrik, some notes for the url-snarf: - it's missing the interface argument documentation and in the example usage,it should appear as obligatory;- in line 31, identation problems (/me being picky); For the http-auth-finder: - identation in line 59 (/me being picky again :P ); Wondering how http-auth script could take advantage of "nmap.registry.auth_urls". Maybe if it was a post rule script? Regards, Duarte SilvaThanks I just committed a version that addresses all those issues. In regards to the nmap.registry.auth_urls, the http-auth script would simply need a dependencies line containing the http-auth-finder script. This way the http-auth scripts doesn't run until the http-auth-finder has finished running. If someone want's to try to implement the necessary changes in http-auth, to leverage the auth_urls registry entry, please let me know. Cheers, Patrik
I was tinking more in the lines of, after everything executes, post rule would be activated, and the script would check every URL found. This would allow other scripts to be added that could fill in the "nmap.registry.auth_urls" variable without having to mess with dependencies. I don't see much of a problem in using the dependencies, but still, I'm wondering if it wouldn't be best to add the postrule, so that http-auth could take advantage of any script adding auth_urls without having to mess with the dependencies. Thoughs? Regards, Duarte
Attachment:
smime.p7s
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Two new scripts url-snarf, http-auth-finder Patrik Karlsson (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Duarte Silva (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Patrik Karlsson (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Duarte Silva (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Patrik Karlsson (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Duarte Silva (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Patrik Karlsson (Jan 29)
- Re: [NSE] Two new scripts url-snarf, http-auth-finder Duarte Silva (Jan 29)