Nmap Development mailing list archives
Re: [NSE] Improved performance of http-default-accounts
From: nnposter () users sourceforge net
Date: Mon, 19 Aug 2013 22:21:30 +0000
George Chatzisofroniou wrote:
> On Wed, Aug 14, 2013 at 01:28:25AM +0000, nnposter wrote:
> > This functionality provides an opportunity for further improvement by being able to match page content to differentiate between a real HTTP/200 and a custom error page. (As of now the script completely skips targets that return HTTP/200 for non-existent pages.)
> I added a TODO note for this in http-default-accounts-fingerprints.
It would amount to augmenting the simple checks for HTTP/200 in target_check() of POST-based fingerprints with some string/regex matching against the probe response body or headers. It is relatively easy to do but I just do not have access to those specific applications (Axis2 and Arris 2307). For Cacti it could look like this:

--- http-default-accounts-fingerprints.lua.orig 2013-08-19 15:58:08.671875000 -0600 +++ http-default-accounts-fingerprints.lua 2013-08-19 16:16:04.140625000 -0600 @@ -87,7 +87,12 @@ {path = "/cacti/"} }, target_check = function (host, port, path, response) - return response.status == 200 + -- true if the response is HTTP/200 and sets cookie "Cacti" + if response.status ~= 200 then return false end + for _, ck in ipairs(response.cookies or {}) do + if ck.name:lower() == "cacti" then return true end + end + return false end, login_combos = { {username = "admin", password = "admin"}

Cheers,
nnposter

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
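Review bot: the new comment in target_check() says the response must set cookie "Cacti", but the comparison `ck.name:lower() == "cacti"` is case-insensitive, so either reword the comment to say so or use `ck.name == "Cacti"` if an exact match is intended. The stricter check also means a `/cacti/` response with status 200 but no Set-Cookie header at all (`response.cookies` nil or empty) is now rejected instead of probed; that is the purpose of the change, but it deserves a sentence in the fingerprint's description or the commit message so the behaviour change is documented.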
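As an added illustration of the approach described above (this is example code, not part of the patch or of http-default-accounts-fingerprints.lua), the following Lua helper generalises the Cacti check: it builds a target_check function from a small spec that can require a cookie name, a header pattern and/or a body pattern on top of the HTTP/200 test, so the same logic could serve the other POST-based fingerprints once someone with access to those applications supplies the right strings. It assumes the NSE http library's response shape (`response.status`, `response.body`, `response.header` keyed by lower-cased header name, and `response.cookies` as a list of tables with `name` and `value` fields); the sample responses and the "Login to Cacti" title are constructed for the test, not taken from a real Cacti install.

```lua
-- Added example, not the script's own code. Builds a target_check
-- closure for a fingerprint from a declarative spec. All matching uses
-- Lua patterns (string.find), as the NSE http library does elsewhere.
local function make_target_check(spec)
  return function (host, port, path, response)
    -- Always require a real HTTP/200 first.
    if response.status ~= 200 then return false end

    -- Optional: a cookie with exactly this name must be set.
    if spec.cookie then
      local found = false
      for _, ck in ipairs(response.cookies or {}) do
        if ck.name == spec.cookie then found = true; break end
      end
      if not found then return false end
    end

    -- Optional: a named header (lower-case key, as NSE stores them)
    -- must exist and match the given Lua pattern.
    if spec.header then
      local v = response.header and response.header[spec.header.name]
      if not v or not v:find(spec.header.pattern) then return false end
    end

    -- Optional: the body must match the given Lua pattern. This is the
    -- part that separates a genuine login page from a custom error page
    -- served with status 200.
    if spec.body then
      if not response.body or not response.body:find(spec.body) then
        return false
      end
    end
    return true
  end
end

-- Constructed sample responses (assumption: shape of NSE http responses).
local real_login = {
  status = 200,
  body = "<html><title>Login to Cacti</title></html>",
  header = { server = "Apache" },
  cookies = { { name = "Cacti", value = "constructed-session-id" } },
}
local custom_error = {
  status = 200,
  body = "<html><h1>Sorry, that page was not found</h1></html>",
  header = { server = "Apache" },
  cookies = {},
}
local real_404 = { status = 404, body = "", header = {}, cookies = {} }

-- Equivalent of the Cacti fingerprint, with a body check added.
local cacti_check = make_target_check{
  cookie = "Cacti",
  body = "Login to Cacti",
  header = { name = "server", pattern = "^Apache" },
}

assert(cacti_check(nil, nil, "/cacti/", real_login) == true)
assert(cacti_check(nil, nil, "/cacti/", custom_error) == false)
assert(cacti_check(nil, nil, "/cacti/", real_404) == false)
print("target_check helper: all sample checks passed")
```

The cookie comparison is deliberately exact rather than case-folded so the spec documents the expected name precisely; if a fingerprint needs a case-insensitive match, that is a one-line change in the loop, but it should then be stated in the spec's comment.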
Current thread:
- [NSE] Improved performance of http-default-accounts nnposter (Aug 13)
- Re: [NSE] Improved performance of http-default-accounts George Chatzisofroniou (Aug 17)
- Re: [NSE] Improved performance of http-default-accounts nnposter (Aug 19)
- Re: [NSE] Improved performance of http-default-accounts George Chatzisofroniou (Aug 17)