Nmap Development mailing list archives

Re: [NSE] apache-userdir-enum


From: Fyodor <fyodor () insecure org>
Date: Sat, 22 Aug 2009 22:45:17 -0700

On Sat, Aug 22, 2009 at 07:48:23PM -0500, Ron wrote:
> On 08/22/2009 04:59 PM, jah wrote:
>> On 22/08/2009 22:41, Ron wrote:
>>> Since duplicating effort is always bad, maybe I'll make a
>>> http-helper.lua nselib (or maybe even add to http.lua?) the functions
>>> that let me do this, and document them. Then we can use those for both
>>> http-enum.nse and apache-userdir-enum. Let me know if you guys think
>>> it's a good idea and I'll go ahead and do it.
>> Yes, good idea.
>
> All right, r15233 contains an updated version of http-userdir-enum.nse
> that uses the logic I wrote (HEAD requests when possible, decent
> 200-page detection, etc).
>
> Check it out and let me know what you think! I haven't done significant
> testing yet, since I don't have access to much unless I'm at work (at
> home I just use "-iR 1000" to find stuff, but I'm always paranoid I'll
> get in trouble :) ). That being said, it seems to work nicely against
> the stuff I DO have:
> --
> $ ./nmap --script=http-enum,http-userdir-enum  -p80 -T4 www.javaop.com
>
> Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-22 19:47 CDT
> NSE: Script Scanning completed.
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT   STATE SERVICE
> 80/tcp open  http
> |_ http-userdir-enum: Potential Users: root, admin, test
> |  http-enum:
> |  /icons/ Icons and images
> |  /robots.txt Robots file
> |  /sw/auth/login.aspx Citrix WebTop
> |  /images/outlook.jpg Outlook Web Access
> |  /nfservlets/servlet/SPSRouterServlet/ netForensics
> |_ /nfservlets/servlet/SPSRouterServlet/ netForensics

We might end up needing to have priorities or categories for the
signatures if we're going to include so many paths.  For example, the
last four above look useful.  But things like /icons and /rss might or
might not be worth printing by default.  One could also argue that we
don't need to print /robots.txt by default since we already have a
default script which prints its contents.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
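
The priority idea raised in the message above, sketched in Lua as an added example (not code from the thread or from http-enum.nse). The "priority" and "covered_by" fields, the threshold values and the "robots-script" label are assumptions made for illustration; only the paths and descriptions come from the quoted output.

```lua
-- Hypothetical signature table: "priority" (1 = print by default) and
-- "covered_by" (another default script already reports this path) are
-- assumed fields, not part of http-enum's real fingerprint format.
local signatures = {
  { path = "/icons/", desc = "Icons and images", priority = 3 },
  { path = "/robots.txt", desc = "Robots file", priority = 3,
    covered_by = "robots-script" },  -- placeholder name for the default script
  { path = "/sw/auth/login.aspx", desc = "Citrix WebTop", priority = 1 },
  { path = "/images/outlook.jpg", desc = "Outlook Web Access", priority = 1 },
  { path = "/nfservlets/servlet/SPSRouterServlet/", desc = "netForensics",
    priority = 1 },
}

-- Paths reported in the quoted scan output, including the repeated last entry.
local found = {
  "/icons/", "/robots.txt", "/sw/auth/login.aspx", "/images/outlook.jpg",
  "/nfservlets/servlet/SPSRouterServlet/",
  "/nfservlets/servlet/SPSRouterServlet/",
}

-- Return the lines to print: known paths at or above the requested priority,
-- each reported once, skipping paths another enabled script already covers.
local function select_hits(hits, sigs, max_priority, enabled_scripts)
  local by_path = {}
  for _, sig in ipairs(sigs) do by_path[sig.path] = sig end

  local seen, out = {}, {}
  for _, path in ipairs(hits) do
    local sig = by_path[path]
    if sig and not seen[path] then
      seen[path] = true
      local redundant = sig.covered_by ~= nil
        and enabled_scripts[sig.covered_by] == true
      if sig.priority <= max_priority and not redundant then
        out[#out + 1] = path .. " " .. sig.desc
      end
    end
  end
  return out
end

-- Default run: only priority-1 entries, with the robots script enabled.
for _, line in ipairs(select_hits(found, signatures, 1,
                                  { ["robots-script"] = true })) do
  print(line)
end
```

Raising the threshold to 3 brings /icons/ back, and /robots.txt reappears only when the script named in covered_by is not enabled.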

