Nmap Development mailing list archives

Re: [NSE] new script - http-exif-spider


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 26 Jul 2012 15:39:26 +0200

On Thu, Jul 26, 2012 at 3:27 PM, Ron <ron () skullsecurity net> wrote:

On Thu, 26 Jul 2012 15:29:00 +0200 Patrik Karlsson <patrik () cqure net>
wrote:
Cool script! Some comments after a very quick look:
There's some trailing byte \xB4 after the model, should it be there?
That's there in the file.. I don't know why, but I figured I'd just leave
it.

Would it make sense to remove the constants that are not being used?
I personally like it, it makes it easier to expand later and makes it
easier for people who need the list for whatever reason, but it doesn't
matter too much to me.

Perhaps the script would benefit from a less restrictive blacklist,
permitting images, but blocking archives and other cruft?

The blacklist suggestion illustrates a shortcoming in the library
itself, as there is no easy way of removing an extension category or
extension from the default blacklist. So a custom blacklist would
have to be loaded using the addBlacklist method in the options class.
How hard would it be to add a whitelist feature that can override the
blacklist?


There's already a whitelist feature in there, that runs after the blacklist.
So if the blacklist is empty, the whitelist should still run.
When looking into this, I think I noticed a bug, that I just fixed in
r29372.
You can add a whitelist using the addWhitelist method on the options class.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

