Nmap Development mailing list archives
Re: Modified http-grep.nse to include multiple patterns and built in patterns.
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sat, 4 Jul 2015 16:39:15 +0530
Hi,

This required a lot of corrections. The script now has validations for all default patterns and allows patterns like ssn, email, credit card numbers etc. The output is unique, meaning if X features under one URL it won't feature under any other URL.

Committed in rev 34828.

Gyani

On Tue, Feb 10, 2015 at 1:21 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:
Hi,

I modified http-grep.nse to include the following:

- A list of BUILT_IN_PATTERNS, namely email, phone, mastercard, visa, discover, amex, social security numbers, ip (ipv4). These can be specified using http-grep.builtins.
- Multiple pattern/built-in search instead of just one pattern/built-in, separated by a delimiter of choice.
- Delimiters between patterns can be specified using http-grep.delimiter, else ',' is used by default.

I plan on adding more known patterns (passwords etc). While debugging, users at #lua suggested to use lpeg patterns instead. The current email pattern (also used in http-email-harvest.nse) doesn't support the various new formats out there, for ex foo()barDOTtravel . LPEG seems to have a lot of patterns that can be used, including various international phone number formats and email address formats.

This is a first draft. Currently the results aren't unique (x()exampleDOTcom listed under several websites). I will add a simple function to make the results unique if needed (taken as argument). I don't think the results were unique in the original script either. My script seems to be working for whatever test cases I tried. The phone patterns are very weak; the first one matches for sub parts of the last one. Will change that in the next version.

Also, in the original script (http-grep.nse) line 94 (local count = select(2, body:gsub(match, match))) throws an error 'invalid use of % in replacement string' while using the email pattern. I was able to escape that by setting the second match (in line 94) to "".

[Nmap 6.47 downloaded from /downloads.html running on an ssh server running ubuntu 12.04]

I have attached the modified file. Posted this again as it didn't appear on the mailing list.

Gyanendra Mishra
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
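
The two behaviours discussed in this thread (the gsub replacement-string error at line 94 and reporting each match under one URL only), as an added Lua example that is not code from http-grep.nse or from the author. The function names, sample pages and simplified Visa pattern are constructed for illustration, and the Luhn check is an assumed validation, since the thread does not say which validations the committed script uses.

```lua
-- Added example; not code from http-grep.nse. All names and data are constructed.
-- Count matches without reusing the pattern as the replacement string:
-- '%' is special in a gsub replacement, so body:gsub(pat, pat) can fail when
-- pat contains '%'. An empty replacement (the workaround in the post) is safe.
local function count_matches(body, pat)
  return select(2, body:gsub(pat, ""))
end

-- Luhn checksum, an assumed way to validate card-number candidates.
local function luhn_ok(digits)
  local sum, double = 0, false
  for i = #digits, 1, -1 do
    local d = tonumber(digits:sub(i, i))
    if double then d = d * 2; if d > 9 then d = d - 9 end end
    sum = sum + d
    double = not double
  end
  return sum % 10 == 0
end

-- Collect matches per URL; a value already reported under an earlier URL is skipped.
local function grep_unique(pages, pat, validate)
  local seen, results = {}, {}
  for _, page in ipairs(pages) do
    local hits = {}
    for m in page.body:gmatch(pat) do
      if not seen[m] and (not validate or validate(m)) then
        seen[m] = true
        hits[#hits + 1] = m
      end
    end
    if #hits > 0 then results[#results + 1] = { url = page.url, hits = hits } end
  end
  return results
end

-- Constructed sample pages and a simplified 16-digit Visa pattern.
local pages = {
  { url = "/a", body = "card 4111111111111111 and 4111111111111112" },
  { url = "/b", body = "again 4111111111111111, new 4012888888881881" },
}
local visa = "4%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d"

-- pcall captures the failure of the original line-94 form instead of aborting.
print(pcall(string.gsub, pages[1].body, visa, visa))
print(count_matches(pages[1].body, visa))
for _, r in ipairs(grep_unique(pages, visa, luhn_ok)) do
  print(r.url, table.concat(r.hits, ", "))
end
```

Counting with gmatch instead of gsub avoids building a modified copy of the response body just to obtain a count.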