Nmap Development mailing list archives
Re: [NSE] [patch] Big changes to http-enum.nse
From: Martin Holst Swende <martin () swende se>
Date: Mon, 18 Oct 2010 10:13:47 +0200
I like the way that probes and matches are separated. Also, Patrik uses a non-lua format, while Ron uses a Lua-format. The former is maybe more robust - the parser can read a line at a time and parse errors will only make the current row defunct. An error in the latter will make the whole definition unable to load. On the other hand, it is probably more efficient. I am not sure which I prefer.

One thing that should be taken into account if probes/matches are split are all those "potentially interesting folder". How should we deal with them? One way could be to use named matches, i.e. a Match with a name will only be run against probes who have named them explicitly by enabling them by name (but other matches will also be tested against the probes - perhaps we need another attribute if we want to specify a probe to use one match exclusively - but I cannot think of a good example of when that would be needed).

Pseudocode:

    #Oracle web server
    probe { path='/footer1.gif', verb='GET', enable="oraclews" }
    match { status="200", desc="Oracle Web Server", ifenabled="oraclews" }

    #This will find /admin/-folder, but also checks if directory listing is enabled
    probe { path="/admin/", verb="GET", enable="interesting,dirlist" }
    match { status="200", desc="Potentially interesting folder", ifenabled="interesting" }
    match { status="200", ifenabled="dirlist", desc="Directory listing enabled", body="\<title\>(Index of\|2)(.*)\<.*Index of" }

I think this script could become very useful, it is looking very good.

/Martin

On 10/18/2010 09:06 AM, Patrik Karlsson wrote:
On 17 okt 2010, at 22.55, Ron wrote:

All right, I'm attaching my newest patch (and the http-fingerprints.lua file separately, in case people just want to check that out). I think it addresses all the ideas we've thrown around so far in a pretty nice way.

The configuration file is now a .lua and basically builds a fairly flexible table. There is a bunch of validation in the script to ensure the person didn't miss a required field or use an incorrect variable type, too.

I need to go over the fingerprints file and do some cleanup, but the actual functionality is here now. Comments would be great!

Ron
<http-fingerprints.lua><http-enum-changes-2.patch>
I'm attaching the code I started writing. I've cleaned up the worst mess but it is still very far from complete and lacks much of what Ron has added to http-enum.

It works the way I described in the last e-mail and like I said, maybe it isn't such a good idea to split the matches from the probes?
//Patrik
-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
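
The named-match selection proposed in the message above, written out as an added example in Lua; it is not part of the thread, the attached patch, or http-enum.nse. The field names (path, verb, enable, ifenabled, status, desc, body) follow the pseudocode; the /private/ probe, the unnamed 401 match, the responses table, the function names and the simplified body pattern are assumptions made for the illustration.

```lua
-- Added illustration of the named-match proposal; not code from http-enum.nse.
-- Field names follow the pseudocode in the message. The responses are
-- constructed sample data; status is a number here, body is a simplified pattern.
local probes = {
  { path = "/footer1.gif", verb = "GET", enable = "oraclews" },
  { path = "/admin/",      verb = "GET", enable = "interesting,dirlist" },
  { path = "/private/",    verb = "GET" },  -- constructed: enables no named match
}
local matches = {
  { status = 200, desc = "Oracle Web Server", ifenabled = "oraclews" },
  { status = 200, desc = "Potentially interesting folder", ifenabled = "interesting" },
  { status = 200, desc = "Directory listing enabled", ifenabled = "dirlist",
    body = "<title>Index of" },
  { status = 401, desc = "Authentication required" },  -- constructed unnamed match
}
local responses = {  -- constructed, keyed by probe path
  ["/footer1.gif"] = { status = 200, body = "GIF89a" },
  ["/admin/"]      = { status = 200, body = "<title>Index of /admin/</title>" },
  ["/private/"]    = { status = 401, body = "" },
}

-- Split the comma-separated enable attribute into a set of names.
local function enabled_names(probe)
  local set = {}
  for name in string.gmatch(probe.enable or "", "[^,%s]+") do
    set[name] = true
  end
  return set
end

-- A named match runs only for probes that enable it; an unnamed match runs for all.
local function applies(probe, match)
  return match.ifenabled == nil or enabled_names(probe)[match.ifenabled] == true
end

-- Compare one match against one response (status, then optional body pattern).
local function hits(match, response)
  if match.status ~= nil and match.status ~= response.status then return false end
  if match.body ~= nil and not string.find(response.body, match.body) then return false end
  return true
end

for _, probe in ipairs(probes) do
  local response = responses[probe.path]
  for _, match in ipairs(matches) do
    if applies(probe, match) and hits(match, response) then
      print(probe.verb .. " " .. probe.path .. ": " .. match.desc)
    end
  end
end
```

Without the ifenabled names, the 200 response to /footer1.gif would also be reported as a potentially interesting folder; with them, each named match is reported only for the probes that enable it.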