Re: http-changelog.nse script and GSoC participation.

[Yashin Mehaboobe <yashinm92 () gmail com>]

I've made the changes you suggested i.e allow any file to be fingerprinted.
Right now the script takes a resource argument which will point out the
file which is to be hashed. A file containing the hashes for comparison
will be kept in the nselib/data folder. Code is here:
https://gist.github.com/Sp3ctr3/5786362 . The database file is available
here: https://gist.github.com/Sp3ctr3/5788511


On Sat, Apr 27, 2013 at 9:15 PM, David Fifield <david () bamsoftware com>wrote:

> On Wed, Apr 10, 2013 at 11:58:00PM +0200, Jesper Kückelhahn wrote:
> > Sorry about that, I thought I included some in there. I've attached the
> > md5s of change logs I discovered in my research. There are a lot of other
> > static files also (readme, install, robots.txt, copying, license, etc)
> that
> > also could have potential interest.
>
> This is right. I'm still working on replying to Jesper's thread at
> http://seclists.org/nmap-dev/2013/q1/356, but the general idea is right.
>
> There will not be a script called http-changelog. Changelog was just an
> example used on the SecWiki page. Of course the script should be able to
> handle any files, not just changelogs.
>
> I think the best course of action is to add a new match type to
> http-enum, one that matches a file hash rather than a regular
> expression. A separate script that has a database of hashes would also
> be okay. The general approach should unify scripts like http-favicon and
> http-php-version.
>
> David Fifield



-- 
- Yashin Mehaboobe
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/