Nmap Development mailing list archives

Re: NSE script for finding user and admin login pages


From: Rewanth Cool <ravatheruler4 () gmail com>
Date: Mon, 17 Apr 2017 13:43:05 +0530

Hello Paulino,

That's a nice idea.

The five categories in the http-fingerprint are general, security,
management, printer, database. My idea is to create new categories like
php, asp, aspx, jsp and load them with the admin/login pages in their
respective categories.

I'm thinking of using parameters like these:
http-fingerprints.login-pages="php" or http-fingerprints.login-pages="all".
I will fetch the extensions from the parameters given by the user as above
and then process the results.
I will be moving all the admin/login links from the existing
http-fingerprints file into the new categories which will be created by me,
to avoid repetition of duplicate entries in multiple categories in the
http-fingerprints file.

If the user doesn't use the http-fingerprints.login-pages parameter, first the
nikto-db will be executed and then my new module gets executed.
So finally, even if I move the existing links from the current category into
my new categories, the output results will be the same, because eventually my
script also gets executed after the nikto-db module.

Is this implementation good enough? Please review the implementation and
notify me of the changes, if any, so that I can start modifying the
http-fingerprints module.

Thanks,
Rewanth.
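An added example (not code from the nmap project or from anyone in this thread) of how the proposed login-pages filter could select probes from http-fingerprints-style entries. The field names follow the http-fingerprints.lua layout; the per-extension categories, the http-fingerprints.login-pages argument and the sample entries are the proposal under discussion, constructed here for illustration:

```lua
-- Constructed sample entries in the http-fingerprints.lua shape
-- (category + probes). The php/asp/aspx/jsp categories are the proposed ones.
local fingerprints = {
  { category = 'php',     probes = { { path = '/admin/login.php',    method = 'GET' } } },
  { category = 'asp',     probes = { { path = '/admin/login.asp',    method = 'GET' } } },
  { category = 'aspx',    probes = { { path = '/Account/Login.aspx', method = 'GET' } } },
  { category = 'jsp',     probes = { { path = '/admin/index.jsp',    method = 'GET' } } },
  { category = 'general', probes = { { path = '/robots.txt',         method = 'GET' } } },
}

-- Categories that count as "login pages" when the user passes "all".
local LOGIN_CATEGORIES = { php = true, asp = true, aspx = true, jsp = true }

-- Parse the argument value ("php,asp" or "all") into a set of wanted
-- categories. Returns nil when the argument was not given at all.
-- In a real NSE script the value would come from
-- stdnse.get_script_args("http-fingerprints.login-pages").
local function parse_login_pages(arg)
  if arg == nil or arg == '' then return nil end
  local wanted = {}
  for ext in string.gmatch(string.lower(arg), '[^,%s]+') do
    wanted[ext] = true
  end
  return wanted
end

-- Return the probe paths to run. Without the argument every entry is kept
-- (current behaviour); with it, only entries in the requested categories.
local function select_probes(entries, login_pages_arg)
  local wanted = parse_login_pages(login_pages_arg)
  local selected = {}
  for _, fp in ipairs(entries) do
    local keep
    if wanted == nil then
      keep = true
    elseif wanted.all then
      keep = LOGIN_CATEGORIES[fp.category] == true
    else
      keep = wanted[fp.category] == true
    end
    if keep then
      for _, probe in ipairs(fp.probes) do
        selected[#selected + 1] = probe.path
      end
    end
  end
  return selected
end

-- Mirrors --script-args http-fingerprints.login-pages=php,asp: two paths kept.
for _, path in ipairs(select_probes(fingerprints, 'php,asp')) do print(path) end
```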

On Mon, Apr 17, 2017 at 10:06 AM, Paulino Calderon <paulino () calderonpale com>
wrote:

Hello,

http-enum uses categories to filter probes so you can limit your scan to
administration pages for example. There are some entries related to
administration consoles already, so perhaps you could add the missing
signatures there instead.

Cheers,

On Apr 16, 2017 at 11:10 PM, "Rewanth Cool" <ravatheruler4 () gmail com>
wrote:

Hi Varunram,

You are absolutely right about saying there are more than 500
fingerprints for the same in http-fingerprints.lua. But the fact is,
http-fingerprints doesn't have any method for filtering the URLs. It will
be scanning all the URLs in its huge file of more than 12,000 lines of
code.

What if the user has prior knowledge of what to scan and wants to scan
exclusively for admin/login pages? Making him execute the huge
http-fingerprints isn't a good idea. Executing http-fingerprints completely
takes at least 1 hour on a good internet connection, whereas my new script
takes hardly 10-15 minutes even on an average internet connection, as my new
script filters all the unwanted URLs from the list.

My script takes the extension of the website as a parameter, which boils
down the URLs from 560 to 140, and this is the reason for the faster
execution of my script.

I also marked a TODO task in the script where we have to write a scraper
function which crawls the website and automatically fetches the extension
being used by the website, like php, jsp, asp, aspx and so on, if and only
if the user doesn't give the extension parameter through the command line.
Implementing this will work greatly when the extension parameter is not given
as an argument, as it automatically filters the URLs from 560 to 140 and
saves a lot of time.

Of course http-fingerprints gives a lot more information than my script. I
don't think making him wait for a long time and giving him results which
he is not interested in or which are not necessary is a good idea. What's the
use in giving information that the user is not interested in by killing his
precious time? (1 hour vs 10 minutes).

FYI, my script also contains around 550 URLs which exclusively point to
admin/login pages.

Hope this explanation gives a clear picture of why to use my new script
instead of http-fingerprints when looking for admin/login pages.

Thanks,
Rewanth.

On Sun, Apr 16, 2017 at 5:23 PM, Varunram Ganesh <vrg2009 () ymail com>
wrote:

Hello Rewanth,


As commented on your PR by Gyani and myself, a new script is not
necessarily needed for this functionality. http-fingerprints.lua already
does this and has over 500 fingerprints for the same.


Cheers,

Varunram



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
