Re: Best practice for web vulnerability scripts?

[Ron Bowes <ron () skullsecurity net>]

I personally haven't added structured output, not sure if anybody else has.

Sounds good @ the distinction, though!

While we're on the topic, my co-worker was asking why the code that looks
for [file].old / [file].bak / etc variations is commented out. The svn
commit was a merge from an experimental branch, so that's not useful (if
only we used git... ;) ). Does anybody know?


On Tue, May 27, 2014 at 1:50 PM, Rob Nicholls <robert () robnicholls co uk>wrote:

> I'd suggest that http-enum is for enumerating common files, identifying
> whether a file or directory exists. Anything that checks whether a
> vulnerability exists should ideally use the vuln library from now on, as it
> allows references, descriptions etc. to be associated, and the output
> should
> be well structured. The http-enum script probably needs a review at some
> point though, IIRC it doesn't have structured output yet either?
>
> Rob
>
> > -----Original Message-----
> > From: dev [mailto:dev-bounces () nmap org] On Behalf Of Ron Bowes
> > Sent: 27 May 2014 21:19
> > To: Nmap-dev
> > Subject: Best practice for web vulnerability scripts?
> >
> > Hey,
> >
> > I gave Claudiu a simple vulnerability check to write - basically, an auth
> > bypass in some CMS software. It has an associated CVE number and stuff.
> >
> > It could very easily be written as a http-enum.nse fingerprint, but I've
> > noticed that some vulnerability scripts are being written separately so
> they
> > can use the vulnerability library and report them by CVE number.
> >
> > What's the current best practice we're using?
> >
> > Thanks!
> >
> > Ron
> > _______________________________________________
> > Sent through the dev mailing list
> > http://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/