Nmap Development mailing list archives

Re: Nmap 5.61TEST4 released - 51 New Scripts, web spidering, vuln library, and more!


From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 17 Jan 2012 13:00:41 +0100




> Also, I've sent the NSE for bruteforcing Nessus over XMLRPC, I don't see
> it on SVN repository or release. Any problems with it? Anything I can help?



Hi Kost,

I've tested the nessus-xmlrpc-brute script from your repository but failed
to get it to work.
After spending quite some time with it, I found the following problems,
which I'm guessing occur due to recent changes in the Nessus web service or
due to some changes in the Nmap http library?

* The script is missing the require 'http' statement, which, in my case,
results in the script failing to run at all
* The request is missing the following headers, and therefore fails to get
a correct answer from the server.
  - Content-type: application/x-www-form-urlencoded
  - Accept: */*
  Without these headers in the request I get a 500 error for all requests.
* The http-library fails to get a proper response (.body is missing) due to
the nessus www server answering with an incorrect header "Pragma :".
  The whitespace and no value results in an error in the http library that
aborts parsing the response.
* The script fails to run unless a version scan detecting the service as
SSL is completed.
  The reason is that the service responds with an unencrypted error message
instructing the user to switch to SSL.
* The service in the portrule does not exist; I found it in the
service-probe patch you sent, but I think we should stick with the current:
  - 8834/tcp open  ssl/http NessusWWW 4.2.2 - 4.49RC1 (Nessus vulnerability
scanner http UI)

I'm running against 4.4.1, but unfortunately don't have access to any older
versions.
While trying to fix everything, I ended up re-writing the whole script
without using the http library as it's a rather simple request and I wanted
to avoid an ugly patch. As far as I can tell the script should now work and
detect if SSL is required and switch over as needed.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
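The third point in the message above (a header line "Pragma :" with whitespace before the colon and no value making the http library abort and return no .body) is worth seeing in code. The following is an added example, not code from the original post, from the nessus-xmlrpc-brute script, or from Nmap's NSE http library: a small HTTP/1.x response parser in Python with a strict mode that gives up on the first malformed header line and a lenient mode that records a warning, normalises the field name, and still returns the body. The sample response bytes are constructed for the example and are not a captured Nessus reply; the header and body values in it are assumptions.

```python
# Added example (not from the original post or from Nmap's NSE http library):
# a lenient HTTP/1.x response parser that tolerates a malformed header line
# such as "Pragma :" (whitespace before the colon, empty value) instead of
# aborting and handing back no body, which is the failure mode described above.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


class MalformedHeader(ValueError):
    """Raised in strict mode for a header line that violates RFC 7230 syntax."""


@dataclass
class HttpResponse:
    version: str
    status: int
    reason: str
    headers: Dict[str, str] = field(default_factory=dict)  # lower-cased names
    body: bytes = b""
    warnings: List[str] = field(default_factory=list)


def parse_response(raw: bytes, strict: bool = False) -> HttpResponse:
    """Parse a raw HTTP response into status line, headers and body.

    strict=True mimics a parser that bails out on the first bad header line
    (so the caller never sees the body); strict=False keeps going, records a
    warning, and strips the stray whitespace from the field name.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers found")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("bad status line: %r" % lines[0])
    resp = HttpResponse(version=parts[0][5:], status=int(parts[1]),
                        reason=parts[2] if len(parts) == 3 else "")
    for line in lines[1:]:
        text = line.decode("latin-1")
        name, colon, value = text.partition(":")
        if not colon or not name.strip():
            if strict:
                raise MalformedHeader(text)
            resp.warnings.append("skipped header line without name/colon: %r" % text)
            continue
        # RFC 7230 forbids whitespace between field-name and ':'; "Pragma :" has it.
        if name != name.rstrip():
            if strict:
                raise MalformedHeader(text)
            resp.warnings.append("whitespace before colon in %r" % text)
        key = name.strip().lower()
        val = value.strip()  # an empty value is legal; "Pragma :" becomes ""
        if key in resp.headers:
            resp.headers[key] += ", " + val
        else:
            resp.headers[key] = val
    # Honour Content-Length when present; otherwise take whatever is buffered.
    length = resp.headers.get("content-length")
    if length is not None and length.isdigit():
        body = body[: int(length)]
    resp.body = body
    return resp


# Constructed sample (an assumption, not a captured Nessus reply): a 200 with
# the malformed "Pragma :" header and a short body.
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Server: NessusWWW\r\n"
          b"Content-Type: text/xml\r\n"
          b"Pragma :\r\n"
          b"Content-Length: 17\r\n"
          b"\r\n"
          b"<reply>ok</reply>")


def body_under(strict: bool) -> Optional[bytes]:
    """Return the body a strict or a lenient parser hands back for SAMPLE."""
    try:
        return parse_response(SAMPLE, strict=strict).body
    except MalformedHeader:
        return None  # strict parser aborted: the caller sees no body at all


if __name__ == "__main__":
    print("strict :", body_under(True))
    print("lenient:", body_under(False))
    print("warnings:", parse_response(SAMPLE).warnings)
```

Run stand-alone it prints `None` for the strict parse and the XML body for the lenient one, plus the warning about the bad header line. The design choice is to keep the warnings on the response object rather than discarding them: a brute-force or probing script wants the body, but a silently "repaired" header is still worth logging when something later looks odd.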