Nmap Development mailing list archives

Re: [NSE] http-config-backup


From: Riccardo Cecolin <nmap () rikiji de>
Date: Wed, 29 Feb 2012 21:56:14 +0100

I ran cmsploit.coffee with the default configuration and then with
"swapFiles" and "configFiles" fully enabled, the first resulted in
just 12 GET requests while the second in 88 (both attached). Currently
http-backup-finder.nse checks 60 paths, and it's not a subset of the
88 mentioned above, so it's necessary to decide which are the most
interesting ones.

I added the directory save option and added another check for the
"path" so it's not necessary to specify the leading slash.

Riccardo

On Wed, Feb 29, 2012 at 3:23 AM, David Fifield <david () bamsoftware com> wrote:
On Tue, Feb 14, 2012 at 08:00:51PM +0100, Riccardo Cecolin wrote:
Hi

I'm a grad student, I'd like to learn how nmap works and then slowly
start contributing to the project. I started choosing a simple script
from the "Script Ideas" page and implementing it. Attached to this
mail there's "http-config-backup". Let me know what can be
fixed/improved.

I have taken a closer look at this script. It is overall nicely done. I
have made a bunch of changes and attached the modified script. There are
a few more things I'd like you to do, if you will, before the script is
committed.

The first is that I'd like you to cross-check the list of paths against
the original CMSploit implementation at
https://github.com/feross/CMSploit/blob/master/NodeJS/cmsploit.coffee.
The reason is that I noticed that your script doesn't check paths of the
form ".BASENAME.swp", only the version without a leading dot. It also
checks some other paths that seem to come from http-backup-finder. I'd
like to know exactly what paths are being queried, so we can decide if
there's a good reason for any differences.

Ideally, I'd like to have two text files; one a transcript of the
queries made by http-config-backup.nse, and one a transcript of
cmsploit.coffee. If you can't easily run cmsploit.coffee, then maybe you
can at least recover a complete list of paths by tracing through what
the source code does.

The "save" script argument shouldn't be a simple boolean; rather it
should be the name of a directory in which to store the downloaded
pages. Can you check how other scripts handle this situation and make
your script match?

David Fifield

Attachment: http-config-backup.nse

Attachment: cmsploit.default.list

Attachment: cmsploit.full.list

Attachment: http-config-backup.list
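The review above turns on two details of candidate naming: swap files exist both as "BASENAME.swp" and ".BASENAME.swp", and a path should be accepted with or without its leading slash. The following is an added, defender-side example (not the NSE script or CMSploit code from this thread) that audits a local web root for such leftover editor swap and backup copies of config files; the config basenames and the extra backup suffixes beyond ".swp" are assumptions, and the directory tree it scans is constructed in the demo.

```python
"""Audit a web root for editor swap / backup copies of config files (added example)."""
import os
import tempfile

# Assumed sample set of config files worth checking; not taken from the thread's lists.
CONFIG_BASENAMES = ("config.php", "wp-config.php", "settings.php")
BACKUP_SUFFIXES = ("~", ".bak", ".orig", ".old")  # assumed common backup conventions
SWAP_SUFFIXES = (".swp", ".swo")                   # vim swap-file suffixes


def normalize_path(path):
    """Accept 'dir/file' or '/dir/file' alike and return the leading-slash form."""
    return path if path.startswith("/") else "/" + path


def backup_variants(basename):
    """Candidate backup/swap file names derived from one config basename."""
    names = set()
    for suffix in BACKUP_SUFFIXES:
        names.add(basename + suffix)
    for suffix in SWAP_SUFFIXES:
        names.add(basename + suffix)        # BASENAME.swp
        names.add("." + basename + suffix)  # .BASENAME.swp (the leading-dot form flagged in review)
    return names


def audit_webroot(root):
    """Return sorted web-relative paths of backup/swap files found anywhere under root."""
    targets = {v for cfg in CONFIG_BASENAMES for v in backup_variants(cfg)}
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in targets:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                found.append(normalize_path(rel.replace(os.sep, "/")))
    return sorted(found)


def demo():
    """Build a constructed web root containing two stray copies and audit it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp"))
    for name in ("wp/wp-config.php", "wp/.wp-config.php.swp", "config.php~", "index.php"):
        open(os.path.join(root, name), "w").close()
    return audit_webroot(root)  # returns ['/config.php~', '/wp/.wp-config.php.swp']


if __name__ == "__main__":
    for hit in demo():
        print("exposed backup/swap file:", hit)
```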

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/