Nmap Development mailing list archives
Re: http-enum.nse mods
From: David Fifield <david () bamsoftware com>
Date: Wed, 14 Mar 2012 15:34:50 -0700
On Mon, Mar 12, 2012 at 10:07:26PM -0400, Micah wrote:
I took a look at the http-backup-finder.nse and http-enum.nse scripts and saw that most all of the function of http-backup-finder.nse is already in http-enum.nse. I modded the http-enum.nse script with several additional file extensions (pulled from nikto) for completeness. I recommend someone with a little more scripting experience take a look at these two scripts and probably remove the http-backup-finder.nse. Modded http-enum.nse attached for review/submission.
Thank you for sending this, Micah. I've attached a patch of your change so others can more easily see what it does. In short, it adds the new extensions .orig, .back, .backup, .old, and .tbz2. I'm not familiar with the part of the code that handles those extensions, so I'll let others say whether they are worth adding. As for http-backup-finder, I don't think that adding these extensions makes http-enum a replacement for it. The difference is that http-backup-finder spiders the site and looks for backups of names that it finds--names that http-enum doesn't know in advance. Conceivably this could be a replacement for http-config-backup, except that that script is more narrowly focused and has support for saving files. David Fifield
Attachment:
http-enum-micah.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-enum.nse mods Micah (Mar 12)
- Re: http-enum.nse mods David Fifield (Mar 14)
- Re: http-enum.nse mods Micah (Mar 14)
- Re: http-enum.nse mods David Fifield (Mar 14)