Nmap Development mailing list archives

Gyani's status report #11 of 17


From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Mon, 13 Jul 2015 23:44:05 +0530

Hi list,

This week I continued my work on http.lua, http-fetch and osinfo.lua.

Accomplishments

* Added auto authentication to http.lua. If options.auto is set to true for
the first request then auto auth is enabled for all following requests. You
can selectively turn off auto auth for a particular request by setting
options.auto to false. Note this (switching off auto auth for a particular
request) can't be done for NTLM requests, as for NTLM requests an NTLM socket
is created. Also, auto auth is now not the default for any request. You need to
set auto auth to true using options.auto for both pipelined and non-pipelined
requests. Users can override this by setting http.autoauth to
true. Also added the function make_ntlm_socket; this function returns an ntlm
socket along with an ntlm blob, and the socket is used with
make_ntlm_request. Optionally, if a user gives an old socket as a parameter,
the script makes that socket an ntlm script and returns the ntlm auth blob
for the same.[1]

* http-fetch: The mirroring in http-fetch is not dependent on lfs.lua any
more. Also, all the gmatch calls are replaced with fewer and more efficient
gsub calls. The script is more robust than it was before. Will talk about
this more in the next point.

* Posted an RFC to the mailing list for the mirroring in http-fetch. The
mail contains a detailed post about the current implementation of mirroring
in http-fetch.[2]

* Added uname parsing to osinfo.lua. You can now parse uname strings to get
an OS name, OS CPE and a uname string split into specific parts by running
the parse_uname() function of the osinfo library.[3]

* The scripts/ version of http-fetch now supports a download everything
option which is basically mirroring without modifying the downloaded files.

Priorities

* Add creds support to pipelined requests in http.lua.

* Survey scripts and libraries that use the http library for possible use
of the auto auth functionality and make necessary changes.

* Survey scripts that may make use of the osinfo library and make necessary
changes.

* Currently uname parsing works for Linux and Darwin strings; add support
for other Unix and Unix-like systems.[4]

Gyani

[1] https://svn.nmap.org/nmap-exp/gyani/drafts/http.lua
[2] http://seclists.org/nmap-dev/2015/q3/71
[3] https://svn.nmap.org/nmap-exp/gyani/nselib/osinfo.lua
[4] https://en.wikipedia.org/wiki/Uname
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
