Nmap Development mailing list archives
http-unsafe-output-escaping help
From: "Milliron, Brian" <BMilliron () semprautilities com>
Date: Wed, 8 Aug 2012 16:30:01 -0700
I'm not able to get this script to spider from the specified start point. It also does not do anything if the -sn -Pn options are selected. I'm using this command line: nmap --script +http-unsafe-output-escaping.nse --script-args 'http-unsafe-output-escaping.url=/1057/hephastus/3ofclubs/index2.html' --script-trace -p 80 athena.ordonomicon.net But it keeps trying to scan the root, which goes nowhere: "00000000:47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET / HTTP/1.1 00000010: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 Connection: clos 00000020: 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d e User-Agent: M 00000030: 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 63 6f 6d 70 ozilla/5.0 (comp 00000040: 61 74 69 62 6c 65 3b 20 4e 6d 61 70 20 53 63 72 atible; Nmap Scr 00000050: 69 70 74 69 6e 67 20 45 6e 67 69 6e 65 3b 20 68 ipting Engine; h 00000060: 74 74 70 3a 2f 2f 6e 6d 61 70 2e 6f 72 67 2f 62 ttp://nmap.org/b 00000070: 6f 6f 6b 2f 6e 73 65 2e 68 74 6d 6c 29 0d 0a 48 ook/nse.html) H 00000080: 6f 73 74 3a 20 61 74 68 65 6e 61 2e 6f 72 64 6f ost: athena.ordo 00000090: 6e 6f 6d 69 63 6f 6e 2e 6e 65 74 0d 0a 0d 0a nomicon.net " Brian Milliron Sempra Energy Utilities Information Security Engineering BMilliron () semprautilities com<mailto:BMilliron () semprautilities com> 858-613-5781 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-unsafe-output-escaping help Milliron, Brian (Aug 08)
- Re: http-unsafe-output-escaping help Martin Holst Swende (Aug 08)
- RE: http-unsafe-output-escaping help Milliron, Brian (Aug 09)
- Re: http-unsafe-output-escaping help Martin Holst Swende (Aug 08)