Nmap Development mailing list archives
Re: [NSE] http-webdav
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sat, 23 May 2015 17:46:18 +0530
Hi list, Daniel suggested that I merge the output of PROPFIND and OPTIONS in http-webdav-scan. I have done so in the latest version[1]. Feedback and suggestions are welcome. Gyani [1]https://svn.nmap.org/nmap-exp/gyani/scripts/http-webdav-scan.nse On Thu, May 21, 2015 at 1:04 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:
Hi list, I talked to my mentor he suggested a few changes. The following changes have been made. * Missing "requires" added. * @xmloutput added * Removed overwriting of headers. * Fixed category information. * Split the script into two. http-webdav-scan[1] : This script runs as a default script and finds out whether a server is running WebDAV or not. Throws various information like server type, webdav type, exposed directories, exposed internal ip addresses if running WebDAV. This makes use of the `OPTIONS` and `PROPFIND` method. http-webdav-perms[2]: This script is an intrusive exploitation script that finds out whether the given WebDAV server gives write permissions to unauthenticated users. It tries to upload various files, renames them and tells if they are executable or not. This makes use of the `MKCOL`, `DELETE`, `PUT` and `MOVE` methods. Gyani [1]https://svn.nmap.org/nmap-exp/gyani/scripts/http-webdav-scan.nse [2]https://svn.nmap.org/nmap-exp/gyani/scripts/http-webdav-perms.nse On Wed, May 20, 2015 at 12:02 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:Hi list, I have finished working on http-webdav[1]. I am sure that there are some changes to make. I tested this with PyWebDAV, I'll soon test this with other environments. The script looks for WebDAV servers with insecure permissions and methods. Please try the script and make suggestions if any! I have attached the script. Also look at [2] for the latest version. Gyani [1]https://secwiki.org/w/Nmap/Script_Ideas#http-webdav [2] https://github.com/h4ck3rk3y/nmap/blob/master/test_scripts/http-webdav.nse
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-webdav Gyanendra Mishra (May 19)
- Re: [NSE] http-webdav Gyanendra Mishra (May 20)
- Re: [NSE] http-webdav Gyanendra Mishra (May 23)
- Re: [NSE] http-webdav Paulino Calderon Pale (May 26)
- Re: [NSE] http-webdav Gyanendra Mishra (Jun 01)
- Re: [NSE] http-webdav Gyanendra Mishra (Jun 01)
- Re: [NSE] http-webdav Gyanendra Mishra (Jun 02)
- Re: [NSE] http-webdav Gyanendra Mishra (May 20)