Nmap Development mailing list archives
Re: [NSE] http-config-backup
From: Riccardo Cecolin <nmap () rikiji de>
Date: Wed, 29 Feb 2012 21:56:14 +0100
I ran cmsploit.coffee with the default configuration and then with "swapFiles" and "configFiles" fully enabled, the first resulted in just 12 GET requests while the second in 88 (both attached). Currently http-backup-finder.nse checks 60 paths, and it's not a subset of the 88 mentioned above, so it's necessary to decide which are the most interesting ones.

I added the directory save option and added another check for the "path" so it's not necessary to specify the leading slash.

Riccardo

On Wed, Feb 29, 2012 at 3:23 AM, David Fifield <david () bamsoftware com> wrote:
> On Tue, Feb 14, 2012 at 08:00:51PM +0100, Riccardo Cecolin wrote:
>> Hi I'm a grad student, I'd like to learn how nmap works and then slowly start contributing to the project. I started choosing a simple script from the "Script Ideas" page and implementing it. Attached to this mail there's "http-config-backup". Let me know what can be fixed/improved.
>
> I have taken a closer look at this script. It is overall nicely done. I have made a bunch of changes and attached the modified script. There are a few more things I'd like you to do, if you will, before the script is committed.
>
> The first is that I'd like you to cross-check the list of paths against the original CMSploit implementation at https://github.com/feross/CMSploit/blob/master/NodeJS/cmsploit.coffee. The reason is that I noticed that your script doesn't check paths of the form ".BASENAME.swp", only the version without a leading dot. It also checks some other paths that seem to come from http-backup-finder. I'd like to know exactly what paths are being queried, so we can decide if there's a good reason for any differences. Ideally, I'd like to have two text files; one a transcript of the queries made by http-config-backup.nse, and one a transcript of cmsploit.coffee. If you can't easily run cmsploit.coffee, then maybe you can at least recover a complete list of paths by tracing through what the source code does.
>
> The "save" script argument shouldn't be a simple boolean; rather it should be the name of a directory in which to store the downloaded pages. Can you check how other scripts handle this situation and make your script match?
>
> David Fifield
Attachment: http-config-backup.nse
Attachment: cmsploit.default.list
Attachment: cmsploit.full.list
Attachment: http-config-backup.list
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
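Added example, not part of the original thread and not code from either script: one way to do the cross-check discussed above, comparing two request transcripts after normalizing the leading slash and listing any ".BASENAME.swp" forms that were not queried. The transcript format ("GET path HTTP/1.1" per line), the sample paths and all function names are assumptions constructed for illustration; the lists attached to the mail are not reproduced here.

```python
import re

# Constructed sample transcripts (not the lists attached to the original mail).
NSE_TRANSCRIPT = """\
GET /wp-config.php.swp HTTP/1.1
GET /wp-config.php~ HTTP/1.1
GET /wp-config.php.bak HTTP/1.1
GET /configuration.php.swp HTTP/1.1
"""
CMSPLOIT_TRANSCRIPT = """\
GET wp-config.php~ HTTP/1.1
GET /.wp-config.php.swp HTTP/1.1
GET /configuration.php.swp HTTP/1.1
GET /.configuration.php.swp HTTP/1.1
"""

REQUEST = re.compile(r"^(?:GET|HEAD)\s+(\S+)")

def paths(transcript):
    """Return the set of requested paths, each normalized to one leading slash."""
    found = set()
    for line in transcript.splitlines():
        m = REQUEST.match(line.strip())
        if m:
            found.add("/" + m.group(1).lstrip("/"))
    return found

def missing_dot_swaps(queried):
    """For each queried DIR/BASENAME.swp, report DIR/.BASENAME.swp if not queried."""
    missing = set()
    for p in queried:
        directory, _, name = p.rpartition("/")
        if name.endswith(".swp") and not name.startswith("."):
            hidden = f"{directory}/.{name}"
            if hidden not in queried:
                missing.add(hidden)
    return missing

def compare(a, b):
    """Return (only in a, only in b, in both) as sorted lists of paths."""
    pa, pb = paths(a), paths(b)
    return sorted(pa - pb), sorted(pb - pa), sorted(pa & pb)

if __name__ == "__main__":
    only_nse, only_cms, both = compare(NSE_TRANSCRIPT, CMSPLOIT_TRANSCRIPT)
    print("only in NSE script:", only_nse)
    print("only in cmsploit:  ", only_cms)
    print("in both:           ", both)
    print("missing .swp forms:", sorted(missing_dot_swaps(paths(NSE_TRANSCRIPT))))
```
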