Nmap Development mailing list archives

Re: http-enum signatures BIG update


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 1 Jul 2011 10:08:10 -0500

Cool!

I was looking through the signatures, and I noticed there were several
duplications: some probes were listed twice for the same fingerprint,
and some fingerprints were listed twice, with maybe one extra probe in
one versus the other. I also found a couple fingerprints that appeared
(based on some quick googling) to match the wrong product. I put my
corrections, along with one question in a comment, in the diff
attached here. Given how long http-enum takes to run (in my
experience), any reduction in the number of probes is helpful.

On that note, some of these probes are being sent a couple times each,
for different fingerprints, in different categories, etc. Would it be
beneficial to keep some sort of a cache of replies, so that these
probes don't get sent multiple times? For instance, we could
pre-process the fingerprints, and make each probe a key into a table
of responses (which would de-duplicate them). Then loop over the keys,
storing the responses. Finally, loop through the fingerprints and do a
lookup into the response table to find a match. This might take too
much memory, especially if there are a lot of GET requests (vs HEAD),
but I'd like to hear the devs' thoughts on it.

Dan

On Fri, Jul 1, 2011 at 7:21 AM, Paulino Calderon
<paulino () calderonpale com> wrote:

Good news nmap-dev,

Revision 24538 doubles up the number of signatures of http-enum, from 107 to 227! These new entries are under the categories: general, attacks, cms, security, management and database. I'm attaching the diff file of this commit.

Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: http-fingerprints.diff
Description:
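
The reply cache proposed in the message above, as an added Lua example (Lua being the language of NSE scripts); it is not code from the thread, from http-enum or from the attached diff. The fingerprint layout, the `send_probe` stand-in, the sample paths and the rule that a 200 status counts as a match are all assumptions made for the illustration.

```lua
-- Constructed sample fingerprints (simplified layout, not http-enum's data file).
local fingerprints = {
  { name = "Example CMS",   probes = { { "HEAD", "/admin/" } } },
  { name = "Example Panel", probes = { { "HEAD", "/admin/" }, { "GET", "/login.php" } } },
  { name = "Example DB UI", probes = { { "GET", "/login.php" }, { "HEAD", "/dbadmin/" } } },
}

-- Hypothetical stand-in for the HTTP request; counts calls to show the saving.
local requests_sent = 0
local constructed_site = { ["HEAD /admin/"] = 200 }  -- every other probe gets 404
local function send_probe(method, path)
  requests_sent = requests_sent + 1
  return { status = constructed_site[method .. " " .. path] or 404 }
end

local function probe_key(p) return p[1] .. " " .. p[2] end

-- Pass 1: pre-process the fingerprints; each distinct probe becomes one table key.
local function collect_probes(fps)
  local unique = {}
  for _, fp in ipairs(fps) do
    for _, p in ipairs(fp.probes) do unique[probe_key(p)] = p end
  end
  return unique
end

-- Pass 2: send each distinct probe once. Only the status code is cached here
-- (an assumption) so GET bodies do not pile up in memory.
local function fill_cache(unique)
  local cache = {}
  for key, p in pairs(unique) do cache[key] = send_probe(p[1], p[2]).status end
  return cache
end

-- Pass 3: match every fingerprint by lookup; no further requests are sent.
local function match(fps, cache)
  local found = {}
  for _, fp in ipairs(fps) do
    for _, p in ipairs(fp.probes) do
      if cache[probe_key(p)] == 200 then found[#found + 1] = fp.name; break end
    end
  end
  return found
end

local found = match(fingerprints, fill_cache(collect_probes(fingerprints)))
assert(requests_sent == 3)  -- five probes listed, three distinct
assert(#found == 2)         -- Example CMS and Example Panel
print(requests_sent, table.concat(found, ", "))
```

If matching needs response bodies, the cache would have to keep them, which is where the memory concern about GET requests applies.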
