Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http-changelog.nse script and GSoC participation.

From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Jul 2013 03:17:36 -0700
On Sat, Jun 15, 2013 at 09:12:02PM +0530, Yashin Mehaboobe wrote:

I've made the changes you suggested i.e allow any file to be fingerprinted.
Right now the script takes a resource argument which will point out the
file which is to be hashed. A file containing the hashes for comparison
will be kept in the nselib/data folder. Code is here:
https://gist.github.com/Sp3ctr3/5786362 . The database file is available
here: https://gist.github.com/Sp3ctr3/5788511


I'm a bit confused by the database format at
https://gist.github.com/Sp3ctr3/5788511. The entries don't seem to have
the name of the file that should be hashed to get them. How does the
http-staticfile script at https://gist.github.com/Sp3ctr3/5786362 know
what files to request?

Anyway, I think this approach of a new database and new script is not
the best one. I would rather see the http-enum database augmented with a
new md5 match type. There's really no reason to have separate scripts
that differ only in how they match fingerprints.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: