Nmap Development mailing list archives
Re: [NSE] http-config-backup
From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Feb 2012 18:23:44 -0800
On Tue, Feb 14, 2012 at 08:00:51PM +0100, Riccardo Cecolin wrote:
Hi I'm a grad student, I'd like to learn how nmap works and then slowly start contributing to the project. I started choosing a simple script from the "Script Ideas" page and implementing it. Attached to this mail there's "http-config-backup". Let me know what can be fixed/improved.
I have taken a closer look at this script. It is overall nicely done. I have made a bunch of changes and attached the modified script. There are a few more things I'd like you to do, if you will, before the script is committed. The first is that I'd like you to cross-check the list of paths against the original CMSploit implementation at https://github.com/feross/CMSploit/blob/master/NodeJS/cmsploit.coffee. The reason is that I noticed that your script doesn't check paths of the form ".BASENAME.swp", only the version without a leading dot. It also checks some other paths that seem to come from http-backup-finder. I'd like to know exactly what paths are being queried, so we can decide if there's a good reason for any differences. Ideally, I'd like to have two text files; one a transcript of the queries made by http-config-backup.nse, and one a transcript of cmsploit.coffee. If you can't easily run cmsploit.coffee, then maybe you can at least recover a complete list of paths by tracing through what the source code does. The "save" script argument shouldn't be a simple boolean; rather it should be the name of a directory in which to store the downloaded pages. Can you check how other scripts handle this situation and make your script match? David Fifield
Attachment:
http-config-backup.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-config-backup Riccardo Cecolin (Feb 14)
- Re: [NSE] http-config-backup David Fifield (Feb 14)
- Re: [NSE] http-config-backup Riccardo Cecolin (Feb 14)
- Re: [NSE] http-config-backup David Fifield (Feb 28)
- Re: [NSE] http-config-backup Riccardo Cecolin (Feb 29)
- Re: [NSE] http-config-backup David Fifield (Mar 06)
- Re: [NSE] http-config-backup Riccardo Cecolin (Mar 08)
- Re: [NSE] http-config-backup Riccardo Cecolin (Feb 29)
- Re: [NSE] http-config-backup David Fifield (Feb 14)