Nmap Development mailing list archives
Re: [NSE] [patch] Big changes to http-enum.nse
From: Ron <ron () skullsecurity net>
Date: Mon, 18 Oct 2010 07:57:15 -0500
On Mon, 18 Oct 2010 06:25:15 +0200 Patrik Karlsson <patrik () cqure net> wrote:

> On 17 Oct 2010, at 22.55, Ron wrote:
>
>> All right, I'm attaching my newest patch (and the http-fingerprints.lua
>> file separately, in case people just want to check that out). I think it
>> addresses all the ideas we've thrown around so far in a pretty nice way.
>> The configuration file is now a .lua and basically builds a fairly
>> flexible table. There is a bunch of validation in the script to ensure
>> the person didn't miss a required field or use an incorrect variable
>> type, too. I need to go over the fingerprints file and do some cleanup,
>> but the actual functionality is here now. Comments would be great!
>
> While being a lot more flexible, wouldn't the new format still require four
> match lines for e.g. Outlook Web Access in the following examples?
>
> table.insert(fingerprints, { path='/mail/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
> table.insert(fingerprints, { path='/webmail/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
> table.insert(fingerprints, { path='/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
> table.insert(fingerprints, { path='/owa/', verb='GET', matches={ {match='*owa*', output='Outlook Web Access'} }})
>
> I was thinking more along the lines:
>
> Probe { path="/mail/", verb="GET" }
> Probe { path="/webmail/", verb="GET" }
> Probe { path="/", verb="GET" }
> Probe { path="/owa/", verb="GET" }
> match { status="200", body="*owa*", desc="Outlook Web Access" }
>
> I might be missing something that makes the choice of splitting the Probe
> and match like this a very bad idea? I have some *very* basic code, very
> far from what you achieved, that reads the above format, sends the probes
> and starts matching. I can send it over in its current state if you want
> to have a look at it.
>
> //Patrik

I forgot to mention, the 'path' variable can be an array, too.

I'm attaching an updated http-fingerprints.lua file. I started cleaning it up, so the first few use a better format.

Ron
Attachment: http-fingerprints.lua
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
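Added example, not part of the original message and not code from http-enum.nse or the attached http-fingerprints.lua: a plain-Lua sketch of how a loader could validate a fingerprint entry of the shape quoted above and expand an array-valued 'path' into one probe per path, so the four Outlook Web Access entries become a single entry. The function name expand_fingerprint, the error messages, the '/example/' entry and the assumption that path, verb and matches are all required are hypothetical; the field names come from the quoted entries.

```lua
-- Added illustration; not code from http-enum.nse or http-fingerprints.lua.
-- Assumption: path, verb and matches are all required fields.
local function expand_fingerprint(fp, index)
  local where = "fingerprint #" .. index
  if type(fp) ~= "table" then error(where .. ": entry must be a table") end
  -- 'path' may be a single string or an array of strings.
  local paths = fp.path
  if type(paths) == "string" then paths = { paths } end
  if type(paths) ~= "table" or #paths == 0 then
    error(where .. ": 'path' must be a string or a non-empty array")
  end
  if type(fp.verb) ~= "string" then error(where .. ": 'verb' must be a string") end
  if type(fp.matches) ~= "table" or #fp.matches == 0 then
    error(where .. ": 'matches' must be a non-empty array")
  end
  for i, m in ipairs(fp.matches) do
    if type(m) ~= "table" or type(m.match) ~= "string"
       or type(m.output) ~= "string" then
      error(where .. ": matches[" .. i .. "] needs string 'match' and 'output'")
    end
  end
  -- One probe per path; all of them share the same match list.
  local probes = {}
  for i, p in ipairs(paths) do
    if type(p) ~= "string" then error(where .. ": path[" .. i .. "] must be a string") end
    probes[#probes + 1] = { path = p, verb = fp.verb, matches = fp.matches }
  end
  return probes
end

-- Constructed sample: the four Outlook Web Access entries as one fingerprint,
-- plus a deliberately broken entry (missing 'matches').
local fingerprints = {
  { path = { '/mail/', '/webmail/', '/', '/owa/' }, verb = 'GET',
    matches = { { match = '*owa*', output = 'Outlook Web Access' } } },
  { path = '/example/', verb = 'GET' },
}

for idx, fp in ipairs(fingerprints) do
  local ok, result = pcall(expand_fingerprint, fp, idx)
  if not ok then
    print("rejected: " .. result)
  else
    for _, probe in ipairs(result) do
      print(probe.verb, probe.path, probe.matches[1].output)
    end
  end
end
```

Run with a stock Lua interpreter, the first entry yields four GET probes that share one match rule and the second is rejected with a message naming the missing field.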
Current thread:
- [NSE] [patch] Big changes to http-enum.nse Ron (Oct 16)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 18)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 18)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 18)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrick Donnelly (Oct 19)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 21)
- Re: [NSE] [patch] Big changes to http-enum.nse David Fifield (Oct 21)
- Re: [NSE] [patch] Big changes to http-enum.nse Jacky Jack (Oct 23)
- Re: [NSE] [patch] Big changes to http-enum.nse Ron (Oct 26)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)
- Re: [NSE] [patch] Big changes to http-enum.nse Patrik Karlsson (Oct 17)