Nmap Development mailing list archives

Re: [NSE] http-config-backup


From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Feb 2012 18:23:44 -0800

On Tue, Feb 14, 2012 at 08:00:51PM +0100, Riccardo Cecolin wrote:
> Hi
>
> I'm a grad student, I'd like to learn how nmap works and then slowly
> start contributing to the project. I started choosing a simple script
> from the "Script Ideas" page and implementing it. Attached to this
> mail there's "http-config-backup". Let me know what can be
> fixed/improved.

I have taken a closer look at this script. It is overall nicely done. I
have made a bunch of changes and attached the modified script. There are
a few more things I'd like you to do, if you will, before the script is
committed.

The first is that I'd like you to cross-check the list of paths against
the original CMSploit implementation at
https://github.com/feross/CMSploit/blob/master/NodeJS/cmsploit.coffee.
The reason is that I noticed that your script doesn't check paths of the
form ".BASENAME.swp", only the version without a leading dot. It also
checks some other paths that seem to come from http-backup-finder. I'd
like to know exactly what paths are being queried, so we can decide if
there's a good reason for any differences.

Ideally, I'd like to have two text files; one a transcript of the
queries made by http-config-backup.nse, and one a transcript of
cmsploit.coffee. If you can't easily run cmsploit.coffee, then maybe you
can at least recover a complete list of paths by tracing through what
the source code does.

The "save" script argument shouldn't be a simple boolean; rather it
should be the name of a directory in which to store the downloaded
pages. Can you check how other scripts handle this situation and make
your script match?

David Fifield

Attachment: http-config-backup.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
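
The cross-check requested in the message above can be mechanized once both transcripts exist. This is an added example, not part of the original message and not code from Nmap or CMSploit; it assumes each transcript holds one request per line (a bare path, a full URL, or a `GET /path HTTP/1.1` line), and the sample paths are constructed.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample transcripts (not real output of either tool).
NSE_SAMPLE = """GET /config.php.swp HTTP/1.1
GET /config.php~ HTTP/1.1
GET /backup.zip HTTP/1.1
"""
CMS_SAMPLE = """/config.php.swp
/.config.php.swp
/config.php~
/config.php.bak
"""

def parse_transcript(text):
    """Return the set of request paths found in a transcript."""
    paths = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # "GET /x HTTP/1.1" carries the target second; otherwise it is first.
        has_method = len(fields) > 1 and fields[0].isupper()
        path = urlsplit(fields[1] if has_method else fields[0]).path
        if path:
            paths.add(path)
    return paths

def toggle_dot(path):
    """Same path with the basename's leading dot added or removed."""
    head, base = posixpath.split(path)
    base = base[1:] if base.startswith(".") else "." + base
    return posixpath.join(head, base)

def compare(ours, theirs):
    """Classify differences between our paths and the reference tool's."""
    only_theirs = theirs - ours
    # Reference paths that differ from one of ours only by the leading dot,
    # i.e. the ".BASENAME.swp" versus "BASENAME.swp" case.
    dot_variants = {p for p in only_theirs if toggle_dot(p) in ours}
    return {
        "dot_variants_missing": sorted(dot_variants),
        "other_missing": sorted(only_theirs - dot_variants),
        "extra": sorted(ours - theirs),
    }

if __name__ == "__main__":
    report = compare(parse_transcript(NSE_SAMPLE), parse_transcript(CMS_SAMPLE))
    for kind, paths in report.items():
        print(kind, paths)
```

The `extra` bucket is where paths inherited from another source, such as the http-backup-finder ones mentioned in the message, would show up for review.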