Nmap Development mailing list archives
Re: [NSE] apache-userdir-enum
From: Fyodor <fyodor () insecure org>
Date: Sat, 22 Aug 2009 22:45:17 -0700
On Sat, Aug 22, 2009 at 07:48:23PM -0500, Ron wrote:
> On 08/22/2009 04:59 PM, jah wrote:
>> On 22/08/2009 22:41, Ron wrote:
>>> Since duplicating effort is always bad, maybe I'll make a
>>> http-helper.lua nselib (or maybe even add to http.lua?) the functions
>>> that let me do this, and document them. Then we can use those for both
>>> http-enum.nse and apache-userdir-enum. Let me know if you guys think
>>> it's a good idea and I'll go ahead and do it.
>>
>> Yes, good idea.
>
> All right, r15233 contains an updated version of http-userdir-enum.nse
> that uses the logic I wrote (HEAD requests when possible, decent
> 200-page detection, etc). Check it out and let me know what you think!
>
> I haven't done significant testing yet, since I don't have access to
> much unless I'm at work (at home I just use "-iR 1000" to find stuff,
> but I'm always paranoid I'll get in trouble :) ). That being said, it
> seems to work nicely against the stuff I DO have:
>
> --
> $ ./nmap --script=http-enum,http-userdir-enum -p80 -T4 www.javaop.com
>
> Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-22 19:47 CDT
> NSE: Script Scanning completed.
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT   STATE SERVICE
> 80/tcp open  http
> |_ http-userdir-enum: Potential Users: root, admin, test
> |  http-enum:
> |  /icons/ Icons and images
> |  /robots.txt Robots file
> |  /sw/auth/login.aspx Citrix WebTop
> |  /images/outlook.jpg Outlook Web Access
> |  /nfservlets/servlet/SPSRouterServlet/ netForensics
> |_ /nfservlets/servlet/SPSRouterServlet/ netForensics
We might end up needing to have priorities or categories for the
signatures if we're going to include so many paths. For example, the
last four above look useful. But things like /icons and /rss might or
might not be worth printing by default. One could also argue that we
don't need to print /robots.txt by default since we already have a
default script which prints its contents.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org