Nmap Development mailing list archives
Re: http-enum.nse mods
From: Micah <micah.hoffman () gmail com>
Date: Wed, 14 Mar 2012 21:08:24 -0400
Thanks for making the patch (I'll remember to do it next time). The extensions I added from nikto (www.cirt.net) are frequent extensions used to make backup files (so they are in line with the intent of the script). So, I guess this is where I have a question: the scripts seem very similar to me. Is it worth me combining (moving the spidering ability to the http-enum script) them to consolidate the scripts or is this not worth it? --- Micah On Wed, Mar 14, 2012 at 18:34, David Fifield <david () bamsoftware com> wrote:
On Mon, Mar 12, 2012 at 10:07:26PM -0400, Micah wrote:I took a look at the http-backup-finder.nse and http-enum.nse scripts and saw that most all of the function of http-backup-finder.nse is already in http-enum.nse. I modded the http-enum.nse script with several additional file extensions (pulled from nikto) for completeness. I recommend someone with a little more scripting experience take a lookatthese two scripts and probably remove the http-backup-finder.nse. Modded http-enum.nse attached for review/submission.Thank you for sending this, Micah. I've attached a patch of your change so others can more easily see what it does. In short, it adds the new extensions .orig, .back, .backup, .old, and .tbz2. I'm not familiar with the part of the code that handles those extensions, so I'll let others say whether they are worth adding. As for http-backup-finder, I don't think that adding these extensions makes http-enum a replacement for it. The difference is that http-backup-finder spiders the site and looks for backups of names that it finds--names that http-enum doesn't know in advance. Conceivably this could be a replacement for http-config-backup, except that that script is more narrowly focused and has support for saving files. David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-enum.nse mods Micah (Mar 12)
- Re: http-enum.nse mods David Fifield (Mar 14)
- Re: http-enum.nse mods Micah (Mar 14)
- Re: http-enum.nse mods David Fifield (Mar 14)