Nmap Development mailing list archives
George's status report - #13 of 16
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 3 Sep 2013 02:18:39 +0300
Hello,

This is my 13th report. Unfortunately, exams are starting again on Wednesday so I may have to slow down a little.

Accomplishments:

* Upgraded http-blindsql-injection. It took me a while to finish this script because things were more complicated than I thought. It now supports both content- and time-based injections and works against both URLs and forms. I made it as configurable as possible and I set up a simple web application to test it against.

* I've added url encode/decode methods to the url library. These are necessary for http-blindsql-injection, where I need to substitute spaces with "%20" or "+" while testing my vectors against URLs.

* Upgraded http-archive. While the first idea was to just parse the most important previous versions, I eventually came up with a script that crawls through these previous versions and extracts links from them. It then checks if these links exist today and outputs the results. So, by using this script, apart from getting an overview of the website through time, you may discover hidden pages that were used in the past but still exist today. Patrick and I think that we can split this idea into 2 or more scripts.

Priorities:

* Split http-archive logic into more scripts.
* Post http-archive scripts and http-blindsql-injection to this list.
* See if we can get permission to use nikto's database file.
* Write a script that creates a dictionary based on common words in HTTP responses. This dictionary can be used later by the brute library.

--
George Chatzisofroniou

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/