Nmap Development mailing list archives

RE: Best practice for web vulnerability scripts?


From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Tue, 27 May 2014 21:50:07 +0100

I'd suggest that http-enum is for enumerating common files, identifying
whether a file or directory exists. Anything that checks whether a
vulnerability exists should ideally use the vuln library from now on, as it
allows references, descriptions etc. to be associated, and the output should
be well structured. The http-enum script probably needs a review at some
point though, IIRC it doesn't have structured output yet either?

Rob

-----Original Message-----
From: dev [mailto:dev-bounces () nmap org] On Behalf Of Ron Bowes
Sent: 27 May 2014 21:19
To: Nmap-dev
Subject: Best practice for web vulnerability scripts?

Hey,

I gave Claudiu a simple vulnerability check to write - basically, an auth
bypass in some CMS software. It has an associated CVE number and stuff.

It could very easily be written as a http-enum.nse fingerprint, but I've
noticed that some vulnerability scripts are being written separately so
they can use the vulnerability library and report them by CVE number.

What's the current best practice we're using?

Thanks!

Ron
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
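
The two approaches discussed in this thread, side by side, as an added example that is not code from either poster or from the Nmap project. The CVE id, probe path, marker string, titles and reference URL are placeholders chosen for illustration; the library calls (`vulns.Report:new`, `make_output`, `http.get`, `shortport.http`) are Nmap's own.

```lua
--[[ Approach 1: an entry in nselib/data/http-fingerprints.lua, used by http-enum.
     It only reports that a path exists; it carries no CVE, state or references.
table.insert(fingerprints, {
  category = 'cms',
  probes = { { path = '/example-cms/status', method = 'GET' } },   -- placeholder path
  matches = { { match = 'example-marker', output = 'Example CMS (placeholder)' } }
})
]]

-- Approach 2: a stand-alone script that reports through the vulns library.
local http = require "http"
local shortport = require "shortport"
local vulns = require "vulns"

description = [[Placeholder check showing how a finding is reported by CVE.]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

portrule = shortport.http

-- Hypothetical values standing in for the real advisory details.
local PROBE_PATH = "/example-cms/status"
local MARKER = "example-marker"

action = function(host, port)
  -- The vulnerability table is what associates ids, description and references.
  local vuln = {
    title = "Example CMS authentication bypass (placeholder)",
    state = vulns.STATE.NOT_VULN,
    IDS = { CVE = "CVE-XXXX-XXXX" },                 -- placeholder id
    description = [[Placeholder description of the issue.]],
    references = { "https://example.com/advisory" }, -- placeholder URL
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  -- Plain-text (non-pattern) search for the marker in a 200 response.
  local response = http.get(host, port, PROBE_PATH)
  if response and response.status == 200 and response.body
     and response.body:find(MARKER, 1, true) then
    vuln.state = vulns.STATE.VULN
  end
  -- make_output renders the table as structured, CVE-labelled output.
  return report:make_output(vuln)
end
```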

