Nmap Development mailing list archives

Re: [NSE] [patch] Big changes to http-enum.nse


From: Martin Holst Swende <martin () swende se>
Date: Mon, 18 Oct 2010 10:13:47 +0200

I like the way that probes and matches are separated. Also, Patrik uses
a non-Lua format, while Ron uses a Lua format. The former is maybe more
robust - the parser can read a line at a time and parse errors will only
make the current row defunct. An error in the latter will make the whole
definition unable to load. On the other hand, it is probably more
efficient. I am not sure which I prefer.

One thing that should be taken into account if probes/matches are split
is all those "potentially interesting folders". How should we deal with
them?

One way could be to use named matches, i.e. a match with a name will
only be run against probes that have named it explicitly by enabling it
by name (but other matches will also be tested against the probes -
perhaps we need another attribute if we want to specify that a probe uses
one match exclusively - but I cannot think of a good example of when
that would be needed).

Pseudocode:

-- Oracle web server
probe { path='/footer1.gif', verb='GET', enable="oraclews" }
match { status="200", desc="Oracle Web Server", ifenabled="oraclews" }

-- This will find the /admin/ folder, but also checks if directory listing is
-- enabled
probe { path="/admin/", verb="GET", enable="interesting,dirlist" }
match { status="200", desc="Potentially interesting folder",
        ifenabled="interesting" }
match { status="200", ifenabled="dirlist", desc="Directory listing enabled",
        body=[[\<title\>(Index of\|2)(.*)\<.*Index of]] }

I think this script could become very useful, it is looking very good.
/Martin
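A minimal interpreter for the named-match scheme sketched above, added here as an example (it is not code from the http-enum patch or from either author). The probe/match registries, the helpers enabled_set, applies and evaluate, and the inline responses are all assumptions; the directory-listing body check is written as a Lua pattern rather than the regex in the mail.

```lua
-- Added example: a toy evaluator for probes that enable named matches.
local probes, matches = {}, {}
local function probe(t) probes[#probes + 1] = t end
local function match(t) matches[#matches + 1] = t end

-- Split an enable list such as "interesting,dirlist" into a set.
local function enabled_set(csv)
  local set = {}
  for name in (csv or ""):gmatch("[^,]+") do set[name] = true end
  return set
end

-- Unnamed matches run against every probe; a named match runs only
-- against probes that enabled that name.
local function applies(m, p)
  return m.ifenabled == nil or enabled_set(p.enable)[m.ifenabled] == true
end

-- Test every applicable match against one probe's response.
local function evaluate(p, response)
  local hits = {}
  for _, m in ipairs(matches) do
    if applies(m, p)
       and (m.status == nil or tostring(response.status) == m.status)
       and (m.body == nil or response.body:find(m.body) ~= nil) then
      hits[#hits + 1] = m.desc
    end
  end
  return hits
end

probe { path = "/footer1.gif", verb = "GET", enable = "oraclews" }
match { status = "200", desc = "Oracle Web Server", ifenabled = "oraclews" }
probe { path = "/admin/", verb = "GET", enable = "interesting,dirlist" }
match { status = "200", desc = "Potentially interesting folder",
        ifenabled = "interesting" }
match { status = "200", desc = "Directory listing enabled",
        ifenabled = "dirlist", body = "<title>Index of" }  -- Lua pattern, not a regex

-- Constructed responses standing in for real HTTP fetches (assumption).
local responses = {
  ["/footer1.gif"] = { status = 200, body = "GIF89a" },
  ["/admin/"] = { status = 200, body = "<html><title>Index of /admin/</title>" },
}
for _, p in ipairs(probes) do
  for _, desc in ipairs(evaluate(p, responses[p.path])) do
    print(p.path, desc)
  end
end
```

Both paths return 200, yet "Oracle Web Server" is reported only for /footer1.gif and the two folder matches only for /admin/, because each named match is tested solely against the probes that enabled it.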


On 10/18/2010 09:06 AM, Patrik Karlsson wrote:

On 17 Oct 2010, at 22.55, Ron wrote:

All right, I'm attaching my newest patch (and the
http-fingerprints.lua file separately, in case people just want to
check that out). I think it addresses all the ideas we've thrown
around so far in a pretty nice way. The configuration file is now a
.lua and basically builds a fairly flexible table. There is a bunch of
validation in the script to ensure the person didn't miss a required
field or use an incorrect variable type, too.

I need to go over the fingerprints file and do some cleanup, but the
actual functionality is here now.

Comments would be great!

Ron
<http-fingerprints.lua><http-enum-changes-2.patch>

I'm attaching the code I started writing. I've cleaned up the worst
mess but it is still very far from complete and lacks much of what Ron has
added to http-enum.
It works the way I described in the last e-mail and, like I said, maybe
it isn't such a good idea to split the matches from the probes?

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
