Nmap Development mailing list archives
Re: [NSE] script to measure the time a website takes to deliver its pages
From: Gutek <ange.gutek () gmail com>
Date: Thu, 08 Mar 2012 09:21:31 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 08/03/2012 02:01, Fyodor a écrit :
On Tue, Mar 06, 2012 at 02:03:57PM +0100, Gutek wrote:It first uses httpspider to take an instant measure on each page, then query each url 5 times with an anti-cache trick to measure an average speed. I'm not sure about a script name that could be consistent with the Nmap scripts terminology, and about the categories as well: it's not DoS as defined in the script categories, but it's DoS related...Hi Gutek, I think this is a clever and useful script! But I'm wondering if it would make sense to just test the given page (e.g. the default of "/" or the one specified by http-chrono.url) by default, and then do the spidering by request. Perhaps this could be done by setting http-chrono.maxpagecount to 1 by default rather than 20. That way the script gives an estimate of the web server's overall speed by default (useful for comparing multiple web servers to find the slow ones), but a user can easily specify a wider scan of many paths on an individual webserver if desired. Cheers, -F
Hi, thanks for the smart advice !
here is an updated version accordingly with a more documented @usage block:
- ---
- -- @usage
- -- Without any optional argument the script defaults to chrono only the
first page, which is root ("/") by default.
- -- With this in mind:
- -- o if you want to do a quick test on a bunch of webservers for their
overall speed without making much noise then try:
- -- nmap --script=http-chrono <target1> <target2> <target..>
- -- o you may already have a clue of a ressource-intensive page on your
targets list, let's say /forum/memberlist.php because it probably
stresses the database:
- -- nmap --script=http-chrono
- --script-args='http-chrono.url="/forum/memberlist.php"' <target1>
<target2> <target..>
- -- o when you have identified the slower one, then you may want to
analyse all known pages:
- -- nmap --script=http-chrono
- --script-args='http-chrono.maxpagecount=[max number of links to
chrono|-1 for any link found within maxdepth]' <target>
- --
Regards,
A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9YbAsACgkQ3aDTTO0ha7ikoACdF2ZCejo4NRUtmCiGsi8T08LV
SPMAnjqGBgmWF+1M0SfZbASbI3+Tho4K
=33TR
-----END PGP SIGNATURE-----
Attachment:
http-chrono.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] script to measure the time a website takes to deliver its pages Gutek (Mar 06)
- Re: [NSE] script to measure the time a website takes to deliver its pages Fyodor (Mar 07)
- Re: [NSE] script to measure the time a website takes to deliver its pages Gutek (Mar 08)
- Re: [NSE] script to measure the time a website takes to deliver its pages Patrik Karlsson (Mar 23)
- Re: [NSE] script to measure the time a website takes to deliver its pages Gutek (Mar 08)
- Re: [NSE] script to measure the time a website takes to deliver its pages Fyodor (Mar 07)