Nmap Development mailing list archives

Re: NSE - Sitecore version detection


From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 06 Sep 2012 18:51:23 +0100

On 09/04/2012 07:51 PM, Jesper Kückelhahn wrote:
Hi,
Hi Jesper,
Thanks for your reply, Hani.

I've looked into the http-enum script (and the fingerprint file), and it
does make sense to extend this instead of creating a bunch of new
stand-alone scripts.

I've attached the diff output for nmap/nselib/data/http-fingerprints.lua
with the Sitecore version extraction.

Are you sure about these fingerprints, especially the /sitecore/ prefix, which could be just the folder used for the application you are testing against? (i.e. something like /blog/ is not related to WordPress itself.) I am trying to find any occurrences in the wild, but so far my Google-fu has returned nothing valuable yet. Do you know of any which are on the internet? (You could email me off-list if needed.)

- Jesper

On Mon, 2012-09-03 at 23:15 +0100, Hani Benhabiles wrote:
On 09/03/2012 10:56 PM, Jesper Kückelhahn wrote:

Hi,

I'm a happy nmap user and really appreciate all the hard work that is
put into this nice piece of software.

As I'd like to give a little back to the community, I thought I'd start
by writing some scripts for the NSE. I've attached the script here, as I
haven't found any other place for this. Is this the right place for such
submissions?

The attached script extracts Sitecore (CMS) version. Output example:

80/tcp open  http
| http-sitecore-version:
|_  6.4.1 (rev. 110621)

Any comments and improvement suggestions are very welcome.

Sorry if this gets double posted, I never used a mailing list before.



- Jesper


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Hi Jesper,

Your wish to give back to the community is very much appreciated. However,
for a task such as fingerprinting a web application, you may want to
take a look at the http-enum script (and the
nselib/data/http-fingerprints.lua file), which is used specifically for
grouping together fingerprints for different CMSs and web applications
instead of having a script for each CMS/app. It would be better suited
to add the fingerprints there.

Cheers,
Hani.
--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com



Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com
