Nmap Development mailing list archives
RE: Best practice for web vulnerability scripts?
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Tue, 27 May 2014 21:50:07 +0100
I'd suggest that http-enum is for enumerating common files, identifying whether a file or directory exists. Anything that checks whether a vulnerability exists should ideally use the vuln library from now on, as it allows references, descriptions etc. to be associated, and the output should be well structured. The http-enum script probably needs a review at some point though, IIRC it doesn't have structured output yet either? Rob
-----Original Message----- From: dev [mailto:dev-bounces () nmap org] On Behalf Of Ron Bowes Sent: 27 May 2014 21:19 To: Nmap-dev Subject: Best practice for web vulnerability scripts? Hey, I gave Claudiu a simple vulnerability check to write - basically, an auth bypass in some CMS software. It has an associated CVE number and stuff. It could very easily be written as a http-enum.nse fingerprint, but I've noticed that some vulnerability scripts are being written separately so
they
can use the vulnerability library and report them by CVE number. What's the current best practice we're using? Thanks! Ron _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Best practice for web vulnerability scripts? Ron Bowes (May 27)
- RE: Best practice for web vulnerability scripts? Rob Nicholls (May 27)
- Re: Best practice for web vulnerability scripts? Ron Bowes (May 27)
- Re: Best practice for web vulnerability scripts? George Chatzisofroniou (May 28)
- Re: Best practice for web vulnerability scripts? Daniel Miller (May 28)
- Re: Best practice for web vulnerability scripts? George Chatzisofroniou (May 28)
- Re: Best practice for web vulnerability scripts? Daniel Miller (May 28)
- RE: Best practice for web vulnerability scripts? Rob Nicholls (May 27)