Nmap Development mailing list archives

Re: Modified http-grep.nse to include multiple patterns and built in patterns.


From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sat, 4 Jul 2015 16:39:15 +0530

Hi,

This required a lot of corrections. The script now has validations for all
default patterns and allows patterns like ssn, email, credit card numbers,
etc. The output is unique, meaning if X features under one URL it won't
feature under any other URL. Committed in rev 34828.

Gyani

On Tue, Feb 10, 2015 at 1:21 AM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

Hi,

I modified http-grep.nse to include the following:

   - A list of BUILT_IN_PATTERNS, namely email, phone, mastercard, visa,
   discover, amex, social security numbers, ip (ipv4). These can be specified
   using http-grep.builtins.
   - Multiple pattern/built-in search instead of just one
   pattern/built-in, separated by a delimiter of choice.
   - Delimiters between patterns can be specified using
   http-grep.delimiter, else ',' is used by default.

I plan on adding more known patterns (passwords, etc.). While debugging, users
at #lua suggested using lpeg patterns instead. The current email
pattern (also used in http-email-harvest.nse) doesn't support the various
new formats out there, for example foo()barDOTtravel. LPEG seems to have a lot
of patterns that can be used, including various international phone number
formats and email address formats.

This is a first draft. Currently the results aren't
unique (x()exampleDOTcom is listed under several websites). I will add a simple
function to make the results unique if needed (taken as an argument). I don't
think the results were unique in the original script either. My script
seems to be working for whatever test cases I tried. The phone patterns are
very weak; the first one matches sub-parts of the last one. Will change
that in the next version.

Also, in the original script (http-grep.nse), line 94 (local count =
select(2, body:gsub(match, match))) throws an error 'invalid use of % in
replacement string' while using the email pattern. I was able to escape
that by setting the second match (in line 94) to "". [Nmap 6.47 downloaded
from /downloads.html running on an SSH server running Ubuntu 12.04]

I have attached the modified file. Posted this again as it didn't appear
on the mailing list.

Gyanendra Mishra

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
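
The two behaviours discussed in this thread, as an added example that is not code from http-grep.nse or from either message: counting matches without reusing the pattern as the gsub replacement string, and reporting each match only under the first URL where it appears. The EMAIL pattern, the function names and the sample pages are constructed for illustration; the error from the first call is expected on Lua 5.2 and later.

```lua
-- Added example; not taken from http-grep.nse. Pattern and pages are constructed.
local EMAIL = "[%w%.%%%+%-]+@[%w%.%-]+%.%a%a+"

-- Count matches by replacing with the empty string, so the pattern is never
-- parsed as a replacement string (where '%' may only precede a digit or '%').
local function count_matches(body, pattern)
  return select(2, body:gsub(pattern, ""))
end

-- Collect matches per URL, listing each distinct match only under the
-- first URL where it was seen.
local function grep_pages(pages, pattern)
  local seen, results = {}, {}
  for _, page in ipairs(pages) do
    local hits = {}
    for m in page.body:gmatch(pattern) do
      if not seen[m] then
        seen[m] = true
        hits[#hits + 1] = m
      end
    end
    if #hits > 0 then
      results[#results + 1] = { url = page.url, matches = hits }
    end
  end
  return results
end

-- Constructed sample input: one address appears on both pages.
local pages = {
  { url = "/contact", body = "mail alice@example.com or bob@example.org" },
  { url = "/about",   body = "alice@example.com, carol@example.net" },
}

-- The call shape quoted from line 94: the pattern reused as the replacement.
local ok, err = pcall(string.gsub, pages[1].body, EMAIL, EMAIL)
print("gsub(pattern, pattern) ok:", ok, err)
print("safe count on /contact:", count_matches(pages[1].body, EMAIL))

for _, r in ipairs(grep_pages(pages, EMAIL)) do
  print(r.url, table.concat(r.matches, ", "))
end
```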
