Nmap Development mailing list archives

Re: http-changelog.nse script and GSoC participation.


From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Wed, 17 Apr 2013 23:56:23 +0200

There is already an HTTP spider implemented in Lua that you could use, but I'm not sure how effective it will be since 
there might not be a link to the change log file. Also, since you are already matching specific files (that is their 
md5 sums/fingerprints) you most likely also know their exact location. Currently I can think of three approaches:

1) specify the location of the change log file along with its fingerprint
2) create a generic list of known locations for change log files in general, request them all and compare their md5 sums 
to all of your fingerprints
3) spider the application to find directories, and use those as prefixes for the change log file locations from either 
1) or 2).

All three have merits, but it depends on what your requirements for the scripts are. If it needs to be quick and not 
that intrusive, option 3 is probably not the right choice, as it will generate a lot of traffic. However, if this is 
not an issue, it will most likely be the most precise solution.


Regards
Jesper


On Apr 16, 2013, at 6:43 AM, Yashin Mehaboobe <yashinm92 () gmail com> wrote:
Got it. Sorry for the late reply. I've hit a snag here. My script only checks one location for the changelog.txt 
file. But the location definitely varies. Should I include http spidering capability? Or just an argument specifying 
where the file is?

On Apr 11, 2013 3:28 AM, "Jesper Kückelhahn" <dev.kyckel () gmail com> wrote:
Sorry about that, I thought I included some in there. I've attached the md5s of change logs I discovered in my 
research. There are a lot of other static files also (readme, install, robots.txt, copying, license, etc) that also 
could have potential interest.  

Regarding import of data, I don't know which is preferred, but using tables will probably give you a more flexible 
database if you want to use a more complex structure later on. 


- Jesper

On Wed, Apr 10, 2013 at 10:20 PM, Yashin Mehaboobe <yashinm92 () gmail com> wrote:
Thanks! But there weren't any md5s for ChangeLog files in the script. All I saw was text matching for the contents. 
And I'll look into implementing the database part using the table.insert method. I was actually thinking of doing it 
like the http-favicon script was doing. Just a file which contains the hashes. Opened and parsed using regex and then 
assigned to dictionary. Any demerits to using the latter method?

On Apr 11, 2013 12:47 AM, "Jesper Kückelhahn" <dev.kyckel () gmail com> wrote:
Hi Yashin,

I saw your post on the nmap list, and just wanted to let you know that a while back I wrote a general web app 
detection script, please see http://seclists.org/nmap-dev/2013/q1/356. 

There are some md5 sums for change log files in the database file - you are welcome to use those if you'd like. In 
the script I used some code from http-fingerprints.nse, which has a very nice example of loading fingerprints from a 
database.



Cheers,
Jesper


On Apr 10, 2013, at 8:13 PM, Yashin Mehaboobe <yashinm92 () gmail com> wrote:

Thanks for the input. I have updated the code. Getting the latest
version from svn now.

-- 
- Yashin Mehaboobe
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
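
The three lookup approaches listed in the top message of this thread, sketched as an added example that is not code from the thread or from the Nmap project. It is written in Python rather than NSE Lua so it runs offline; the file names, the ExampleCMS fingerprints and the fake server are all constructed for illustration.

```python
import hashlib

def md5_hex(body):
    return hashlib.md5(body).hexdigest()

# Constructed sample data (not from the thread): two change log bodies
# and the fingerprint database derived from them.
CHANGELOG_A = b"ExampleCMS 1.2.3\n- fixed login redirect\n"
CHANGELOG_B = b"ExampleCMS 1.2.4\n- updated bundled libraries\n"
FINGERPRINTS = {
    md5_hex(CHANGELOG_A): ("ExampleCMS", "1.2.3"),
    md5_hex(CHANGELOG_B): ("ExampleCMS", "1.2.4"),
}
# Approach 2: generic list of known change log names (assumed values).
KNOWN_NAMES = ["CHANGELOG.txt", "changelog.txt", "ChangeLog", "docs/CHANGELOG"]

def candidate_paths(names, prefixes=("/",)):
    """Approach 3: join every directory prefix with every known name, de-duplicated."""
    seen, out = set(), []
    for prefix in prefixes:
        p = prefix.strip("/")
        base = "/" + p + "/" if p else "/"
        for name in names:
            path = base + name
            if path not in seen:
                seen.add(path)
                out.append(path)
    return out

def identify(fetch, paths, fingerprints):
    """Request each path, hash every 200 body, return (matches, request count)."""
    matches, requests = [], 0
    for path in paths:
        requests += 1
        status, body = fetch(path)
        if status != 200:
            continue
        hit = fingerprints.get(md5_hex(body))
        if hit:
            matches.append((path,) + hit)
    return matches, requests

# Constructed stand-in for a web server; the root entry imitates a "soft 404" page.
FAKE_SITE = {"/blog/changelog.txt": CHANGELOG_B, "/changelog.txt": b"<html>not found</html>"}

def fake_fetch(path):
    body = FAKE_SITE.get(path)
    return (200, body) if body is not None else (404, b"")
```

The request count grows as prefixes times names, which is the traffic cost of approach 3; the exact md5 comparison is what keeps a 200 error page from being reported as a match.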


