Nmap Development mailing list archives

Re: [NSE] script to detect phpfilevault version 09


From: Johanna Curiel <johannapcuriel () gmail com>
Date: Sat, 20 Aug 2016 19:01:12 -0400

Hi Daniel

Thank you for the feedback; as you can see, I'm a beginner with regard to
NSE ;-).

Indeed, adding the path to the http-fingerprints file adds the same
functionality, but given how little this plugin is used, it might not even
be worth it. For me it is about learning Lua and NSE scripting, so I
appreciate your feedback.

With regard to NSE scripts that might be more interesting to contribute to, I
have been looking at this:
https://secwiki.org/w/Nmap/Script_Ideas#vulndb

Could you provide a little more info on the requirements described
here?

When looking into vulnerabilities and creating NSE scripts for them, what
kind of vulnerabilities have priority or could be interesting to write
for? I have been looking into them in exploit-db, but as you have pointed
out, there are other considerations such as the popularity and the impact of
the vulnerability, or even considering adding the path to the database if a
script like http-enum can be used.

After a while writing some Lua, I kind of feel comfortable enough to write a
more robust NSE script that I can contribute, but at the same time, a
script that is also valuable to the community.

Your guidance on this is highly appreciated.

Cheers

Johanna



On Fri, Aug 19, 2016 at 5:49 PM, Daniel Miller <bonsaiviking () gmail com>
wrote:

Johanna,

Thanks for this contribution. Given the simplicity of the check, I think
you could easily convert it to a http-enum fingerprint [1]. Check out the
fingerprints file in nselib/data/http-fingerprints.lua. This has the
added benefit of handling a few common cases that might cause
false-positives, specifically servers that return 200 OK for every request.
I don't think it would work well as a standalone script because of how
little this plugin is used: only 119 downloads in the last year, 90 or so
of which came immediately after the vulnerability was disclosed.

Let us know how it goes! We'd be glad to help and credit you with your
first entry in the CHANGELOG.

Dan



[1] https://nmap.org/nsedoc/scripts/http-enum.html

On Thu, Jul 28, 2016 at 10:58 PM, Johanna Curiel <johannapcuriel () gmail com>
wrote:

Hi list,

A couple of days ago the following vulnerability was reported:
https://www.exploit-db.com/exploits/40163/


I wrote the following NSE script (tested):
https://github.com/jowasp/nmap/blob/master/scripts/http-phpfilevault09-dir-traversal.nse


Cheers

Johanna



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


