Nmap Development mailing list archives
Re: [NSE] http-dir-brute
From: Ron <ron () skullsecurity net>
Date: Mon, 21 Nov 2011 13:20:52 -0600
No, almost everything should be HEAD. The script checks if HEAD works and falls back to GET if the server doesn't support HEAD.

Ron

On Mon, 21 Nov 2011 14:20:27 +0100 Hani Benhabiles <kroosec () gmail com> wrote:
> I missed the long miscellaneous category at the end of the file, my bad!
>
> Talking about http-fingerprints.lua, is there a reason for using GET
> requests when there is no matching applied on the response body? e.g.:
>
> table.insert(fingerprints, {
>     category='general',
>     probes={
>       {path='/egroupware/', method='GET'}
>     },
>     matches={
>       {match='', output='eGroupware'}
>     }
>   })
>
> Cheers,
> Hani
>
> On Sun, Nov 20, 2011 at 9:49 PM, Patrik Karlsson <patrik () cqure net> wrote:
> > On Sun, Nov 20, 2011 at 4:07 PM, Hani Benhabiles <kroosec () gmail com> wrote:
> > > Hi Patrik,
> > >
> > > I know of http-enum but this script serves a rather different purpose.
> > > It works like tools such as OWASP DirBuster, relying on response code to
> > > HEAD requests to discover directories (from http-folders.txt)
> > > independently of the web app.
> > >
> > > http-enum uses a larger and more general fingerprints file that requests
> > > certain files (and parses the response content in some cases) to identify
> > > the specific web applications (e.g. if '/wordpress/wp-login.php' contains
> > > 'ver=20080708' => WordPress 2.6.x)
> >
> > Well, that's not entirely true, since 891 of the 894 directories in
> > http-folders.txt are already checked by http-enum. Most of them are in the
> > miscellaneous category so you filter on that using the http-enum.category
> > argument. Maybe I'm not seeing it right, but I'm not sure that I understand
> > how this script is any different than what http-enum does. I'm familiar
> > with OWASP's DirBuster, but I haven't used it for some time now, but as I
> > remember it does file, suffix and nested directory checks too?
> >
> > Cheers,
> > //Patrik
> > --
> > Patrik Karlsson
> > http://www.cqure.net
> > http://twitter.com/nevdull77
>
> --
> M. Hani Benhabiles
> Blog: http://kroosec.blogspot.com
> Twitter: kroosec <https://twitter.com/#%21/kroosec>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
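Added example (not part of the original message and not Nmap's code): a loopback-only sketch of the HEAD-with-GET-fallback behaviour described above, run against two constructed test servers. The rule used to decide that HEAD "works" (HEAD / returns 200) and all names here are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

KNOWN = {"/", "/egroupware/"}  # constructed sample paths served with 200

class GetOnly(BaseHTTPRequestHandler):
    """Constructed test server: answers GET, has no HEAD handler (so HEAD -> 501)."""
    def do_GET(self):
        body = b"ok" if self.path in KNOWN else b""
        self.send_response(200 if self.path in KNOWN else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

class WithHead(GetOnly):
    """Same server with HEAD implemented: status line and headers only."""
    def do_HEAD(self):
        self.send_response(200 if self.path in KNOWN else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

def request(port, method, path):
    """Send one request to the loopback server and return the status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()

def pick_method(port):
    """Assumed rule: use HEAD only if HEAD / returns 200, otherwise GET."""
    return "HEAD" if request(port, "HEAD", "/") == 200 else "GET"

def probe(handler, paths):
    """Start a loopback server, choose the method once, then check each path."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        method = pick_method(port)
        return method, {p: request(port, method, p) for p in paths}
    finally:
        server.shutdown()
        server.server_close()
```

Both servers yield the same status codes per path; only the method chosen differs, which is why a fingerprint with an empty body match loses nothing when it is sent as HEAD.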
Current thread:
- [NSE] http-dir-brute Hani Benhabiles (Nov 18)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 19)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 20)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 20)
- Message not available
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 21)
- Re: [NSE] http-dir-brute Ron (Nov 21)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 22)
- Re: [NSE] http-dir-brute David Fifield (Nov 22)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 23)
- RE: [NSE] http-dir-brute Rob Nicholls (Nov 22)
- Re: [NSE] http-dir-brute Ron (Nov 23)
- Re: [NSE] http-dir-brute Hani Benhabiles (Nov 20)
- Re: [NSE] http-dir-brute Patrik Karlsson (Nov 19)