Nmap Development mailing list archives
Re: Please help
From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Jun 2012 13:06:51 -0700
On Fri, Jun 01, 2012 at 11:15:43PM +0100, Hani Benhabiles wrote:
I don't it is necessary, given that there is already a generic test before launching the brute force. if ( response.status ~= 401 ) then return (" \n Path \"%s\" does not require authentication"):format(path) end
I agree that it is probably best to use "/" by default, so I just checked in that change. I also updated the script to use get_script_args() rather than accessing the registry.args directly. One thing I noticed while testing my changes is that http-brute doesn't seem to support HTTP digest auth. When my server asked for digest auth, the script proceeded to send thousands of useless (in this case) HTTP basic auth attempts. This would be a very useful (and probably not too hard) improvement for someone to make. I'll add it to the script ideas page (https://secwiki.org/w/Nmap_Script_Ideas). Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Please help M.Younas Imran (May 31)
- Re: Please help James Rogers (May 31)
- Re: Please help Hani Benhabiles (May 31)
- Re: Please help David Fifield (May 31)
- Re: Please help James Rogers (May 31)
- Re: Please help M.Younas Imran (Jun 01)
- Re: Please help Hani Benhabiles (Jun 01)
- Re: Please help Fyodor (Jun 04)
- Re: Please help Hani Benhabiles (May 31)
- Re: Please help James Rogers (May 31)