Nmap Development mailing list archives

Re: [NSE] apache-userdir-enum


From: Ron <ron () skullsecurity net>
Date: Sat, 22 Aug 2009 17:06:18 -0500

On 08/22/2009 04:59 PM, jah wrote:
> Yes, good idea.
> I was looking at an apache log after using http-enum and saw that it did
> about 80 requests in under two seconds.  http.lua pipelining has
> obviously improved speed enormously and so I think the userdir script
> should probably use HEAD requests once you've made the helper functions
> available.  I think they should go in http.lua.
> Maybe the random string generation that apache-userdir-enum uses would
> be a good helper function too.  I saw the "Nmap404Check1250849230"
> request and thought to myself, "hmm, think I'll add a rewrite rule for
> requests like those".

Heh, I sometimes use purely random strings, but generally I don't hide the fact that it's Nmap. Originally, it was "Nmap404check", but I added a timestamp to the end to get a bit of randomness. Nothing Rewrite can't overcome, of course. Actually, I'm using Rewrite a great deal for testing, it's incredibly useful for simulating stupid 404 pages:
http://test.skullsecurity.org/~ron

Obviously that's all fake data, but I wanted to make sure I could recognize/remove troublesome things that change between pageviews.

Maybe I'll switch to using your random string, though. It might be a good candidate for putting in stdnse (I've built random-string-generators a few times in the past).

> I thought the same thing.  In fact it's an oversight on my part that I
> didn't do a name change when I removed the apache-only restriction from
> the userdir script.  I think http-userdir-enum is a better fit.  I'll do
> that now.

Thanks!


> Regards,
>
> jah

Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
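
Added example, not part of the original message or of Nmap: a defender-side check over an Apache access log for the two signals mentioned in the thread, the "Nmap404Check" plus timestamp probe and a burst of 404s within two seconds. The log lines, client addresses, request paths and the burst threshold of 20 are constructed assumptions; because the probe name is easy to change, the burst check is kept as an independent signal.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Probe name quoted in the thread: "Nmap404Check" followed by a timestamp.
PROBE_RE = re.compile(r'/Nmap404Check\d+', re.IGNORECASE)

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # skip malformed or unrelated lines
    host, ts, path, status = m.groups()
    return host, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_scanners(lines, burst=20, window=timedelta(seconds=2)):
    """Return {client: reasons}; burst and window are assumed thresholds."""
    reasons = defaultdict(set)
    misses = defaultdict(list)  # client -> timestamps of 404 responses
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        host, when, path, status = rec
        if PROBE_RE.search(path):
            reasons[host].add("nmap-404-probe")
        if status == 404:
            misses[host].append(when)
    for host, times in misses.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted 404 times
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= burst:
                reasons[host].add("404-burst")
                break
    return dict(reasons)

def sample_log():
    # Constructed sample: one probe plus 80 misses in two seconds, and one ordinary 404.
    lines = ['192.0.2.10 - - [22/Aug/2009:16:40:00 -0500] "GET /Nmap404Check1250849230 HTTP/1.1" 404 209']
    lines += ['192.0.2.10 - - [22/Aug/2009:16:40:%02d -0500] "GET /constructed-%d/ HTTP/1.1" 404 209' % (i // 40, i) for i in range(80)]
    lines.append('198.51.100.7 - - [22/Aug/2009:16:41:00 -0500] "GET /missing.html HTTP/1.1" 404 209')
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```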