Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http-barracuda-dir-traversal.nse

From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 20 Jun 2011 18:28:05 +0100
On Sun, Jun 19, 2011 at 07:30:19PM +0200, Patrik Karlsson wrote:


On Jun 14, 2011, at 10:36 AM, Fyodor wrote:


On Thu, Jun 09, 2011 at 10:48:16PM +0200, Patrik Karlsson wrote:

I've sent a proposed solution, a library and a few sample scripts to the
list.
http://seclists.org/nmap-dev/2011/q2/504

As I didn't get a single comment on it, I simply forgot about it.
I think it's a good solution (obviously as I wrote and posted it), if you
have the time to check it out and think so as well, I'm happy to commit it.
Once committed, new scripts can make use of it and I can start changing
the brute library to use it to.


For what it is worth, I think it is a good idea too.

Cheers,
Fyodor



Thank's Fyodor,

I've committed the credential library along with the changes to the brute library and scripts as r24134.
I also fixed an ugly bug in the brute library that would cancel execution of all scripts if one script requested it.
I would like to commit an additional scripts that summarizes the results of all brute script as a postrule.
I'm attaching it here as well and would like to hear any comments and ideas on which categories to put it in?

* Categories: perhaps you should add the categories of the scripts
  that will use the credential library, but not all of them:
  'auth' and 'vuln' ?

* postrule: you can add a check in the rule to see if the Credentials
  table is not nil and was used, this way we do not run the script (to
  avoid running the post-scan phase if there is noting to report).


-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: