Nmap Development mailing list archives

Re: [NSE] [patch] Big changes to http-enum.nse


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 18 Oct 2010 06:25:15 +0200


On 17 okt 2010, at 22.55, Ron wrote:


All right, I'm attaching my newest patch (and the http-fingerprints.lua file separately, in case people just want to 
check that out). I think it addresses all the ideas we've thrown around so far in a pretty nice way. The 
configuration file is now a .lua and basically builds a fairly flexible table. There is a bunch of validation in the 
script to ensure the person didn't miss a required field or use an incorrect variable type, too. 

I need to go over the fingerprints file and do some cleanup, but the actual functionality is here now. 

Comments would be great! 

While being a lot more flexible, wouldn't the new format still require four match lines for e.g. Outlook Web Access in 
the following examples?

table.insert(fingerprints, { path='/mail/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
table.insert(fingerprints, { path='/webmail/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
table.insert(fingerprints, { path='/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
table.insert(fingerprints, { path='/owa/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})

I was thinking more along the lines of:

Probe { path="/mail/", verb="GET"  }
Probe { path="/webmail/", verb="GET"  }
Probe { path="/", verb="GET"  }
Probe { path="/owa/", verb="GET"  }

match { status="200", body="*owa*", desc="Outlook Web Access" }

I might be missing something that makes the choice of splitting the Probe and match like this a very bad idea?
I have some *very* basic code, very far from what you achieved, that reads the above format, sends the probes and 
starts matching.
I can send it over in its current state if you want to have a look at it.

//Patrik


Ron
<http-fingerprints.lua><http-enum-changes-2.patch>

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
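
An added example, not part of Ron's patch or Patrik's code, showing how the split Probe/match format proposed above can be read in plain Lua: `Probe` and `match` are just functions that collect tables, so the fingerprint file stays valid Lua syntax (Lua allows `f { ... }` when the only argument is a table constructor), and the matcher runs every rule against every probe response, which is what removes the four duplicated match lines. The glob-to-pattern helper, `run_probes`, and the fake server used as an offline stand-in for the HTTP client are assumptions for illustration, not NSE or http library APIs.

```lua
-- Added example (not from the patch or the mail): a minimal reader for the
-- split Probe/match format, plus an offline matcher over constructed
-- responses. Helper names and the fake server are assumptions, not NSE APIs.

local probes, matches = {}, {}

-- One probe = one request to send. Defining Probe as a global function
-- gives the fingerprint file its `Probe { ... }` syntax.
function Probe(t)
  assert(type(t.path) == "string", "Probe needs a string path")
  t.verb = t.verb or "GET"
  probes[#probes + 1] = t
  return t
end

-- One match rule, tested against *every* probe response, so a single
-- rule covers /mail/, /webmail/, / and /owa/ instead of four entries.
function match(t)
  assert(type(t.desc) == "string", "match needs a desc")
  assert(t.status or t.body, "match needs status and/or body")
  matches[#matches + 1] = t
  return t
end

-- Translate the '*'-style glob used in the fingerprint file into a Lua
-- pattern: escape every magic character except '*', then turn '*' into '.*'.
local function glob_to_pattern(glob)
  local escaped = glob:gsub("[%^%$%(%)%%%.%[%]%+%-%?]", "%%%0")
  return (escaped:gsub("%*", ".*"))
end

-- Does one rule hit one response? Fields the rule leaves nil are wildcards.
local function rule_hits(rule, response)
  if rule.status and tostring(response.status) ~= tostring(rule.status) then
    return false
  end
  if rule.body and not response.body:find(glob_to_pattern(rule.body)) then
    return false
  end
  return true
end

-- Send every probe through `send`, a function(path, verb) -> {status=, body=}
-- (in a real script this would wrap the http library), and collect
-- "<path>: <desc>" for every rule that matches the response.
local function run_probes(send)
  local results = {}
  for _, probe in ipairs(probes) do
    local response = send(probe.path, probe.verb)
    if response then
      for _, rule in ipairs(matches) do
        if rule_hits(rule, response) then
          results[#results + 1] = probe.path .. ": " .. rule.desc
        end
      end
    end
  end
  return results
end

-- The fingerprint file exactly as proposed in the mail:
Probe { path="/mail/", verb="GET" }
Probe { path="/webmail/", verb="GET" }
Probe { path="/", verb="GET" }
Probe { path="/owa/", verb="GET" }

match { status="200", body="*owa*", desc="Outlook Web Access" }

-- Constructed fake server (not a real target): only /owa/ answers 200 with
-- a body containing "owa"; everything else is a 404.
local fake = {
  ["/owa/"] = { status = 200, body = "<html><title>owa</title></html>" },
}
local function fake_send(path, verb)
  return fake[path] or { status = 404, body = "Not Found" }
end

for _, line in ipairs(run_probes(fake_send)) do
  print(line)
end
```

Because `status` is compared after `tostring`, the rule can carry `status="200"` as in the proposal or a bare `200`; and since a rule with no `status` field is a wildcard, the old per-path `{match='*owa*', output=...}` entries map one-to-one onto a single `match { body="*owa*", ... }`.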

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
