Nmap Development mailing list archives

Re: [NSE] apache-userdir-enum


From: Ron <ron () skullsecurity net>
Date: Sat, 22 Aug 2009 19:48:23 -0500

On 08/22/2009 04:59 PM, jah wrote:
> On 22/08/2009 22:41, Ron wrote:
>> Since duplicating effort is always bad, maybe I'll make a
>> http-helper.lua nselib (or maybe even add to http.lua?) the functions
>> that let me do this, and document them. Then we can use those for both
>> http-enum.nse and apache-userdir-enum. Let me know if you guys think
>> it's a good idea and I'll go ahead and do it.
> Yes, good idea.

All right, r15233 contains an updated version of http-userdir-enum.nse that uses the logic I wrote (HEAD requests when possible, decent 200-page detection, etc).

Check it out and let me know what you think! I haven't done significant testing yet, since I don't have access to much unless I'm at work (at home I just use "-iR 1000" to find stuff, but I'm always paranoid I'll get in trouble :) ). That being said, it seems to work nicely against the stuff I DO have:
--
$ ./nmap --script=http-enum,http-userdir-enum -p80 -T4 www.javaop.com

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-22 19:47 CDT
NSE: Script Scanning completed.
Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http
|_ http-userdir-enum: Potential Users: root, admin, test
|  http-enum:
|  /icons/ Icons and images
|  /robots.txt Robots file
|  /sw/auth/login.aspx Citrix WebTop
|  /images/outlook.jpg Outlook Web Access
|  /nfservlets/servlet/SPSRouterServlet/ netForensics
|_ /nfservlets/servlet/SPSRouterServlet/ netForensics
--

Ron

--
Ron Bowes
http://www.skullsecurity.org/
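
For administrators on the receiving end of a scan like the one described in this message, the following is an added example (not part of the original post and not Nmap code) that flags userdir enumeration in an Apache access log. It assumes the combined log format, that probes take the form /~name/, and that mod_userdir typically answers 200 or 403 for an existing account and 404 otherwise; the log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format (not from the original post).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Aug/2009:19:47:01 -0500] "HEAD /~root/ HTTP/1.1" 403 - "-" "-"
203.0.113.7 - - [22/Aug/2009:19:47:01 -0500] "HEAD /~admin/ HTTP/1.1" 200 - "-" "-"
203.0.113.7 - - [22/Aug/2009:19:47:02 -0500] "HEAD /~test/ HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [22/Aug/2009:19:47:02 -0500] "HEAD /~guest/ HTTP/1.1" 404 - "-" "-"
198.51.100.20 - - [22/Aug/2009:19:50:10 -0500] "GET /~alice/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [22/Aug/2009:19:50:11 -0500] "GET /index.html HTTP/1.1" 200 912 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# A bare userdir root such as /~root or /~root/ (assumed probe shape).
USERDIR_RE = re.compile(r'^/~([^/?#]+)/?$')


def find_userdir_probes(log_text, min_names=3):
    """Report clients that requested at least min_names distinct /~name/ roots.

    "exposed" lists the names that drew 200 or 403, i.e. the accounts the
    server's responses confirmed to the client (assumed mod_userdir behaviour).
    """
    seen = defaultdict(dict)  # ip -> {name: last status code}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching line
        u = USERDIR_RE.match(m["path"])
        if u:
            seen[m["ip"]][u.group(1)] = int(m["status"])
    report = {}
    for ip, names in seen.items():
        if len(names) >= min_names:
            exposed = sorted(n for n, s in names.items() if s in (200, 403))
            report[ip] = {"names": sorted(names), "exposed": exposed}
    return report


if __name__ == "__main__":
    for ip, info in find_userdir_probes(SAMPLE_LOG).items():
        print(ip, "probed", info["names"], "confirmed", info["exposed"])
```

A non-empty "exposed" list is the part to act on: those accounts are visible to anyone who asks, which is what setting `UserDir disabled` for system accounts such as root removes.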
