Nmap Development mailing list archives
Re: http-enum signatures BIG update
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 1 Jul 2011 10:08:10 -0500
Cool! I was looking through the signatures, and I noticed there were several duplications: some probes were listed twice for the same fingerprint, and some fingerprints were listed twice, with maybe one extra probe in one versus the other. I also found a couple fingerprints that appeared (based on some quick googling) to match the wrong product. I put my corrections, along with one question in a comment, in the diff attached here.

Given how long http-enum takes to run (in my experience), any reduction in the number of probes is helpful. On that note, some of these probes are being sent a couple times each, for different fingerprints, in different categories, etc. Would it be beneficial to keep some sort of a cache of replies, so that these probes don't get sent multiple times?

For instance, we could pre-process the fingerprints, and make each probe a key into a table of responses (which would de-duplicate them). Then loop over the keys, storing the responses. Finally, loop through the fingerprints and do a lookup into the response table to find a match.

This might take too much memory, especially if there are a lot of GET requests (vs HEAD), but I'd like to hear the devs' thoughts on it.

Dan

On Fri, Jul 1, 2011 at 7:21 AM, Paulino Calderon <paulino () calderonpale com> wrote:
Good news nmap-dev,

Revision 24538 doubles up the number of signatures of http-enum, from 107 to 227! These new entries are under the categories: general, attacks, cms, security, management and database. I'm attaching the diff file of this commit.

Cheers.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Attachment:
http-fingerprints.diff
Description:
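
The probe/response cache proposed in the message above, as an added Python sketch (not code from the thread or from Nmap). The fingerprint layout, `fake_fetch` and the sample site are constructed for illustration; a real NSE version would be written in Lua and issue real HTTP requests.

```python
from collections import namedtuple

Probe = namedtuple("Probe", "method path")        # hashable, so usable as a table key
Response = namedtuple("Response", "status body")

# Constructed fingerprints (not taken from http-fingerprints.lua): each lists
# probes to send and a substring expected in the body of a 200 response.
FINGERPRINTS = [
    {"name": "App A admin", "category": "management", "match": "App A",
     "probes": [Probe("GET", "/admin/"), Probe("GET", "/login.php")]},
    {"name": "App B", "category": "cms", "match": "App B",
     "probes": [Probe("GET", "/login.php"), Probe("GET", "/admin/")]},
    # Same probe listed twice for one fingerprint, as described in the message.
    {"name": "Robots file", "category": "general", "match": "",
     "probes": [Probe("HEAD", "/robots.txt"), Probe("HEAD", "/robots.txt")]},
]

# Constructed stand-in for the target server, so the example runs offline.
FAKE_SITE = {
    Probe("GET", "/login.php"): Response(200, "<title>App B login</title>"),
    Probe("HEAD", "/robots.txt"): Response(200, ""),
}

def fake_fetch(probe):
    return FAKE_SITE.get(probe, Response(404, ""))

def enumerate_with_cache(fingerprints, fetch):
    # Step 1: pre-process; dict keys de-duplicate probes and keep their order.
    responses = dict.fromkeys(p for fp in fingerprints for p in fp["probes"])
    # Step 2: loop over the keys, sending each unique probe exactly once.
    for probe in responses:
        responses[probe] = fetch(probe)
    # Step 3: match fingerprints using only lookups into the response table.
    hits = []
    for fp in fingerprints:
        for probe in fp["probes"]:
            reply = responses[probe]
            if reply.status == 200 and fp["match"] in reply.body:
                hits.append((fp["name"], probe.path))
                break
    naive = sum(len(fp["probes"]) for fp in fingerprints)
    return hits, len(responses), naive

if __name__ == "__main__":
    hits, sent, naive = enumerate_with_cache(FINGERPRINTS, fake_fetch)
    print(f"{sent} requests sent instead of {naive}; hits: {hits}")
```

The table holds one full response per unique probe until matching finishes, which is the memory cost the message raises for GET bodies.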
Current thread:
- http-enum signatures BIG update Paulino Calderon (Jul 01)
- Re: http-enum signatures BIG update Daniel Miller (Jul 01)
- Re: http-enum signatures BIG update Ron (Jul 01)
- Re: http-enum signatures BIG update Paulino Calderon (Jul 01)
- Re: http-enum signatures BIG update Fyodor (Jul 01)
- Re: http-enum signatures BIG update Daniel Miller (Jul 01)