Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New script - http-favicon.nse

From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 06 Nov 2008 21:58:39 +0100
I've just made script which will perform HTTP default favicon
enumeration. It will try to grab /favicon.ico  and from MD5 try to say
what software you are running.

I think this idea is very cool, and I notice your NSE script seems to be based
on a Nessus script[1].  I just want to make sure there are no copyright issues
here, since your script seems to have more in common than just the idea (MD5s
and names for the first six look like verbatim copies).  Correct me if I'm
wrong, but I don't see even a mention of this in your email or script.


I actually took idea & MD5 sigs, not from Nessus, but from OpenVAS:
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/webserver_favicon.nasl?root=openvas&view=log

Implementation is mine. And above script is released under GPL and it's
on OpenVAS feed for more than 2 years...

I can put that it is based on the above script in the .nse. I also
contributed additional md5 sigs back to the openvas nasl script...

Kost

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: