Nmap Development mailing list archives
Re: http-changelog.nse script and GSoC participation.
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Wed, 17 Apr 2013 23:56:23 +0200
There is already a http spider implemented in lua that you could use, but I'm not sure how effective it will be since there might not be a link to the change log file. Also, since you are already matching specific files (that is their md5 sums/fingerprints) you most likely also know their exact location. Currently I can think of three approaches: 1) specify the location of the change log file along with its fingerprint 2) create a generic list of know locations for change log files in general, request them all and compare their md5 sums to all of your fingerprints 3) spider the application to find directories, and use those as prefixes for the change log file locations from either 1) or 2). All three have merits, but it depends on what your requirements for the scripts are. If it needs to be quick and not that intrusive, option 3 is probably not the right choice, as it will generate a lot of traffic. However, if this is not an issue, it will most likely be the most precise solution. Regards Jesper On Apr 16, 2013, at 6:43 AM, Yashin Mehaboobe <yashinm92 () gmail com> wrote:
Got it. Sorry for the late reply. I've hit a snag here. My script only checks one location for the changelog.txt file. But the location definitely varies. Should I include http spidering capability? Or just an argument specifying where the file is? On Apr 11, 2013 3:28 AM, "Jesper Kückelhahn" <dev.kyckel () gmail com> wrote: Sorry about that, I thought I included some in there. I've attached the md5s of change logs I discovered in my research. There are a lot of other static files also (readme, install, robots.txt, copying, license, etc) that also could have potential interest. Regarding import of data, I don't know which is preferred, but using tables will probably give you a more flexible database if you what to use a more complex structure later on. - Jesper On Wed, Apr 10, 2013 at 10:20 PM, Yashin Mehaboobe <yashinm92 () gmail com> wrote: Thanks ! But there weren't any md5s for ChangeLog files in the script. All I saw were text matching for the contents. And I'll look into implementing the database part using the table.insert method. I was actually thinking of doing it like the http-favicon script was doing. Just a file which contains the hashes. Opened and parsed using regex and then assigned to dictionary. Any demerits to using the latter method? On Apr 11, 2013 12:47 AM, "Jesper Kückelhahn" <dev.kyckel () gmail com> wrote: Hi Yashin, I saw your post on the nmap list, and just wanted to let you know that a while back I wrote a general web app detection script, please see http://seclists.org/nmap-dev/2013/q1/356. There are some md5 sums for change log files in the database file - you are welcome to use those if you'd like. In the script I used some code from http-fingerprints.nse, which has a very nice example of loading fingerprints from a database. Cheers, Jesper On Apr 10, 2013, at 8:13 PM, Yashin Mehaboobe <yashinm92 () gmail com> wrote:Thanks for the input. I have updated the code. Getting the latest version from svn now. -- - Yashin Mehaboobe _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-changelog.nse script and GSoC participation. Yashin Mehaboobe (Apr 10)
- Re: http-changelog.nse script and GSoC participation. Aleksandar Nikolic (Apr 10)
- <Possible follow-ups>
- Re: http-changelog.nse script and GSoC participation. Yashin Mehaboobe (Apr 10)
- Message not available
- Re: http-changelog.nse script and GSoC participation. Yashin Mehaboobe (Apr 10)
- Re: http-changelog.nse script and GSoC participation. Jesper Kückelhahn (Apr 10)
- Message not available
- Re: http-changelog.nse script and GSoC participation. Jesper Kückelhahn (Apr 17)
- Re: http-changelog.nse script and GSoC participation. David Fifield (Apr 27)
- Re: http-changelog.nse script and GSoC participation. Yashin Mehaboobe (Jun 16)
- Message not available