Nmap Development mailing list archives

Re: [SCRIPT] http-wordpress-enum.nse: improvements.

From: David Fifield <david () bamsoftware com>
Date: Tue, 7 Aug 2012 09:28:28 -0700

On Sat, Aug 04, 2012 at 03:41:34PM +0200, Eugenio Delfa wrote:

Hi,

I've found some cases (due to wp themes) that instead of 404/30x
expected code, I get a 200 HTTP code and
"http://www.example.com/author/feed/"; HREF link for a non existant ID.
With ([^/]*) instead of (.-) pattern, this problem is solved.

On the other hand, in some pentesting process, we may need to retrieve
all usernames. So for this I added 'threshold' parameter, for limit=0 value.
In this particular case, we still enumerating until reach 'threshold'
invalid ID's .


Could you please make these as two separate patches, and make the
patches with "svn diff" or "diff -u"?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[SCRIPT] http-wordpress-enum.nse: improvements. Eugenio Delfa (Aug 04)
- Re: [SCRIPT] http-wordpress-enum.nse: improvements. Ron (Aug 04)
- Re: [SCRIPT] http-wordpress-enum.nse: improvements. David Fifield (Aug 07)