Nmap Development mailing list archives
Re: NSE script for finding user and admin login pages
From: Paulino Calderon <paulino () calderonpale com>
Date: Sun, 16 Apr 2017 23:36:28 -0500
Hello,

http-enum uses categories to filter probes, so you can limit your scan to administration pages, for example. There are some entries related to administration consoles already, so perhaps you could add the missing signatures there instead.

Cheers,

On Apr 16, 2017 11:10 PM, "Rewanth Cool" <ravatheruler4 () gmail com> wrote:

Hi Varunram,

You are absolutely right about saying there are more than 500 fingerprints for the same in http-fingerprints.lua. But for the fact, http-fingerprints doesn't have any method for filtering the URLs. It will be scanning all the URLs in its huge file with more than 12,000 lines of code.

What if the user has prior knowledge of what to scan and wants to scan exclusively for admin/login pages? Making him execute the huge http-fingerprints isn't a good idea. Executing http-fingerprints completely takes at least 1 hour on a good internet connection, whereas my new script takes hardly 10-15 minutes even on an average internet connection, as my new script filters all the unwanted URLs from the list.

My script takes the extension of the website as a parameter, which boils down the URLs from 560 to 140, and this is the reason for the faster execution of my script. I also marked a TODO task in the script where we have to write a scraper function which crawls the website and automatically fetches the extension being used by the website, like php, jsp, asp, aspx and so on, if and only if the user doesn't give the extension parameter through the command line. Implementing this will work greatly when the extension parameter is not given as an argument, as it automatically filters the URLs from 560 to 140 and saves a lot of time.

Of course http-fingerprints gives a lot more information than my script. I don't think making him wait for a long time and giving him results which he is not interested in or which are not necessary is a good idea. What's the use in giving information that the user is not interested in by killing his precious time? (1 hour vs. 10 minutes.)

FYI, my script also contains around 550 URLs which exclusively point to admin/login pages.

Hope this explanation gives a clear picture of why to use my new script instead of http-fingerprints while finding admin/login pages.

Thanks,
Rewanth.

On Sun, Apr 16, 2017 at 5:23 PM, Varunram Ganesh <vrg2009 () ymail com> wrote:

Hello Rewanth,

As commented on your PR by Gyani and myself, a new script is not necessarily needed for this functionality. http-fingerprints.lua already does this and has over 500 fingerprints for the same.

Cheers,
Varunram

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/