Nmap Development mailing list archives

Re: http-unsafe-output-escaping help


From: Martin Holst Swende <martin () swende se>
Date: Thu, 09 Aug 2012 08:34:31 +0200

Hi,

On 08/09/2012 01:30 AM, Milliron, Brian wrote:
> I'm not able to get this script to spider from the specified start point.  It also does not do anything if the -sn
> -Pn options are selected.  I'm using this command line:
>
> nmap --script +http-unsafe-output-escaping.nse --script-args
> 'http-unsafe-output-escaping.url=/1057/hephastus/3ofclubs/index2.html' --script-trace -p 80 athena.ordonomicon.net

Specifying -Pn works fine for me; however, -sN results in the port being
found closed. I assume that's why you use the '+', to force the script
to run. However, the 'force' option does not work that way; it is not
intended to force scripts to run on closed ports, only on ports where
the service has not been identified (or has been incorrectly identified), so it
will not make any difference here.


> But it keeps trying to scan the root, which goes nowhere:

This is now fixed; it was simply a mistake on my part. I now send 'nil'
to the library instead, and let the library sort out the parameters.
This has been committed as r29538, but the diff is inlined so it can be
applied without updating from svn:

$ svn diff scripts/http-unsafe-output-escaping.nse
Index: scripts/http-unsafe-output-escaping.nse
===================================================================
--- scripts/http-unsafe-output-escaping.nse    (revision 29537)
+++ scripts/http-unsafe-output-escaping.nse    (working copy)
@@ -123,7 +123,7 @@
 
 action = function(host, port)
 
-    local crawler = httpspider.Crawler:new(host, port, '/', {
scriptname = SCRIPT_NAME } )
+    local crawler = httpspider.Crawler:new(host, port, nil, {
scriptname = SCRIPT_NAME } )
     crawler:set_timeout(10000)
    
     local results = {}
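Review bot: the `-` and `+` lines of this hunk are wrapped after `httpspider.Crawler:new(host, port, nil, {`, so the continuation `scriptname = SCRIPT_NAME } )` shows up as an unprefixed line and the inlined diff will not apply cleanly with `patch` as pasted; re-join each pair onto a single line (or update to r29538) before applying. The fix also depends on `httpspider.Crawler:new` resolving a nil url from the `http-unsafe-output-escaping.url` script argument rather than from a hard-coded '/', which the hunk itself does not show; a one-line comment above the `+` line stating that the start URL is deliberately left to the library would make the intent clear to the next reader.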


> Brian Milliron
> Sempra Energy Utilities
> Information Security Engineering
> BMilliron () semprautilities com
> 858-613-5781

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Regards,
Martin Holst Swende


