Nmap Development mailing list archives
[patch] Make sql-injection.nse use httpspider
From: Lauri Kokkonen <lauri.u.kokkonen () gmail com>
Date: Fri, 3 Feb 2012 09:19:58 +0200
The attached patch (against r28007) gets rid of the HTTP crawling code in sql-injection.nse and replaces it by using the Crawler interface. Everything else is kept as it was. I am using LinkExtractor to extract all links from the page returned by crawl() so to avoid doing that twice it might be useful to add a method to Crawler that returns all URLs encountered so far. Also, while testing the script I found a bug in httpspider: checking that an URL is within a host or domain should try to match the hostname only at the beginning of the URL because it might also be embedded in a query. Lauri
Attachment:
sql-injection.nse.diff
Description:
Attachment:
httpspider.lua.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [patch] Make sql-injection.nse use httpspider Lauri Kokkonen (Feb 02)
- Re: [patch] Make sql-injection.nse use httpspider Patrik Karlsson (Feb 05)
- Re: [patch] Make sql-injection.nse use httpspider Lauri Kokkonen (Feb 05)
- Re: [patch] Make sql-injection.nse use httpspider Duarte Silva (Feb 05)
- Re: [patch] Make sql-injection.nse use httpspider Patrik Karlsson (Feb 05)
- Re: [patch] Make sql-injection.nse use httpspider Lauri Kokkonen (Feb 05)
- Re: [patch] Make sql-injection.nse use httpspider Patrik Karlsson (Feb 05)