Nmap Development mailing list archives

Re: Please help

From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Jun 2012 13:06:51 -0700

On Fri, Jun 01, 2012 at 11:15:43PM +0100, Hani Benhabiles wrote:


I don't it is necessary, given that there is already a generic test 
before launching the brute force.

if ( response.status ~= 401 ) then
    return ("  \n  Path \"%s\" does not require 
authentication"):format(path)
end


I agree that it is probably best to use "/" by default, so I just
checked in that change.  I also updated the script to use
get_script_args() rather than accessing the registry.args directly.

One thing I noticed while testing my changes is that http-brute
doesn't seem to support HTTP digest auth.  When my server asked for
digest auth, the script proceeded to send thousands of useless (in
this case) HTTP basic auth attempts.  This would be a very useful (and
probably not too hard) improvement for someone to make.  I'll add it
to the script ideas page (https://secwiki.org/w/Nmap_Script_Ideas).

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Please help M.Younas Imran (May 31)
- Re: Please help James Rogers (May 31)
  - Re: Please help Hani Benhabiles (May 31)
    - Re: Please help David Fifield (May 31)
    - Re: Please help James Rogers (May 31)
    - Re: Please help M.Younas Imran (Jun 01)
    - Re: Please help Hani Benhabiles (Jun 01)
    - Re: Please help Fyodor (Jun 04)
- Re: Please help Ron (May 31)