Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http-enum.nse mods

From: Micah <micah.hoffman () gmail com>
Date: Wed, 14 Mar 2012 21:08:24 -0400
Thanks for making the patch (I'll remember to do it next time).

The extensions I added from nikto (www.cirt.net) are frequent extensions
used to make backup files (so they are in line with the intent of the
script).

So, I guess this is where I have a question: the scripts seem very similar
to me. Is it worth me combining (moving the spidering ability to the
http-enum script) them to consolidate the scripts or is this not worth it?

--- Micah

On Wed, Mar 14, 2012 at 18:34, David Fifield <david () bamsoftware com> wrote:


On Mon, Mar 12, 2012 at 10:07:26PM -0400, Micah wrote:


I took a look at the http-backup-finder.nse and http-enum.nse scripts and
saw that most all of the function of http-backup-finder.nse is already in
http-enum.nse. I modded the http-enum.nse script with several additional
file extensions (pulled from nikto) for completeness.

I recommend someone with a little more scripting experience take a look

at

these two scripts and probably remove the http-backup-finder.nse.

Modded http-enum.nse attached for review/submission.


Thank you for sending this, Micah. I've attached a patch of your change
so others can more easily see what it does. In short, it adds the new
extensions .orig, .back, .backup, .old, and .tbz2.

I'm not familiar with the part of the code that handles those
extensions, so I'll let others say whether they are worth adding.

As for http-backup-finder, I don't think that adding these extensions
makes http-enum a replacement for it. The difference is that
http-backup-finder spiders the site and looks for backups of names that
it finds--names that http-enum doesn't know in advance.

Conceivably this could be a replacement for http-config-backup, except
that that script is more narrowly focused and has support for saving
files.

David Fifield


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: