Nmap Development mailing list archives
Re: [NSE] apache-userdir-enum
From: David Fifield <david () bamsoftware com>
Date: Sat, 8 Aug 2009 14:58:51 -0600
On Wed, Jul 29, 2009 at 02:10:42AM +0100, jah wrote:
On 27/07/2009 22:56, David Fifield wrote:I like this script. It's a good idea. Could it be combined with the recently added http-enum.nse script? I like the idea of checking the version detection results and only continuing if it matches "apache".I envisioned the script being used for discovering usernames as a precursor to a brute-force attempt over the same or other protocols (e.g. telnet, ssh) and to better focus such an attempt on usernames that are highly likely to exist on the target. Key to this would be limiting the number of false positives. I think that there would be distinct reasons for running the http-enum and apache-userdir scripts - one to find directories to explore and one to find usernames - and in the latter case, it might be overkill to test for all of the directories in http-enum (especially those not usually found on apache servers).
Okay, I see now. This script isn't about finding web directories, it's about enumerating users. It makes sense to have it separate. I would like you to commit the script. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] apache-userdir-enum jah (Jul 12)
- Re: [NSE] apache-userdir-enum David Fifield (Jul 27)
- Re: [NSE] apache-userdir-enum jah (Jul 28)
- Re: [NSE] apache-userdir-enum David Fifield (Aug 08)
- Re: [NSE] apache-userdir-enum jah (Aug 10)
- Re: [NSE] apache-userdir-enum Fyodor (Aug 11)
- Re: [NSE] apache-userdir-enum jah (Aug 17)
- Re: [NSE] apache-userdir-enum jah (Jul 28)
- Re: [NSE] apache-userdir-enum David Fifield (Jul 27)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum jah (Aug 22)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Fyodor (Aug 23)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)