Nmap Development mailing list archives

Re: httpspider lib and hostnames with special characters


From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 5 Mar 2012 18:04:29 +0100

On Mon, Mar 05, 2012 at 03:30:43PM +0100, Gutek wrote:
> Thanks Djalal.
> It sounds to me like a weakness in httpspider's efficiency. Let's
> consider a practical example with h-online.com and a
> httpspider-dependent script, let's say http-backup-finder.
> With a simple command like nmap -v -Pn -p80 -n --script
> http-backup-finder www.h-online.com it (silently) won't work because a
> debug reveals that every link will be discarded, maybe fooling the user
> into thinking that no backup was found:
> ----------
> NSE: httpspider: Spidering limited to: maxdepth=3; maxpagecount=20;
> withinhost=www.h-online.com
> ...
> NSE: httpspider: Link is not within host:
> http://www.h-online.com/nettools/tools/spam-list-query
> NSE: httpspider: Link is not within host:
> http://www.h-online.com/security/services/Reserved-IPv4-addresses-732899.html
> NSE: httpspider: Link is not within host:
> http://www.h-online.com/Contact-273335.html
> NSE: httpspider: Link is not within host:
> http://www.h-online.com/Privacy-Policy-of-h-online-com-273337.html
> -----------
>
> Now, with a script arg to override this withinhost issue, it will work
> as intended:
> nmap -v -Pn -p80 -n --script http-backup-finder --script-args
> http-backup-finder.withindomain=www.h-online.com -d2 www.h-online.com
>
> -----------
> NSE: httpspider: Spidering limited to: maxdepth=3; maxpagecount=20;
> withindomain=h-online.com
> -----------
>
> As I understand it, a withindomain argument is mandatory when users want
> to deal with hyphenated hostnames? If it's an intended behavior and not a
> bug, maybe this should be explicitly stated in the documentation?
Gutek, this is clearly a bug; this should work by default.

httpspider must handle it. From RFC 952:
<name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]

But it was later updated in RFC 1123 to allow names to start with digits.

Thanks.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
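A worked illustration of the grammar point above, added here as an example and not code from httpspider or from either poster: a per-label check following the RFC 952 grammar as relaxed by RFC 1123 (labels may begin with a digit, hyphens only inside a label), a withinhost/withindomain comparison that treats the hostname as literal text, and, as an assumption about one way such a check can go wrong in Lua rather than a claim about what httpspider did, what happens when the hostname is handed to string.find as a pattern, where '-' is a quantifier. All hostnames in the self-checks are constructed for the example.

```lua
-- Added example, not httpspider code. Hostname handling for a spider's
-- withinhost / withindomain checks.

-- One label of a hostname. RFC 952 gave
--   <name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
-- and RFC 1123 (section 2.1) relaxed the first character to a letter or
-- digit. Hyphens are allowed inside a label, never at either end, and a
-- label is 1 to 63 characters long.
local function valid_label(label)
  if #label < 1 or #label > 63 then return false end
  -- first char alphanumeric, the rest alphanumeric or hyphen
  if not label:match("^%w[%w%-]*$") then return false end
  -- no trailing hyphen
  return label:sub(-1) ~= "-"
end

-- Whole hostname: dot-separated labels, at most 253 characters, with an
-- optional trailing dot tolerated.
local function valid_hostname(host)
  host = host:gsub("%.$", "")
  if #host < 1 or #host > 253 then return false end
  for label in (host .. "."):gmatch("([^.]*)%.") do
    if not valid_label(label) then return false end
  end
  return true
end

-- Exact host match; DNS names are case-insensitive.
local function within_host(link_host, host)
  return link_host:lower() == host:lower()
end

-- link_host is the domain itself or any name under it.
local function within_domain(link_host, domain)
  link_host, domain = link_host:lower(), domain:lower()
  return link_host == domain
      or link_host:sub(-(#domain + 1)) == "." .. domain
end

-- The pitfall (an assumption about one way a hyphenated host can fail such
-- a check, not a statement about httpspider's code): string.find treats
-- its second argument as a Lua pattern unless plain=true is passed. In a
-- pattern '-' is the lazy "zero or more of the previous item" quantifier,
-- so "h-online" means "online optionally preceded by h's" and never
-- matches the literal text "h-online".
local function within_host_as_pattern(link_host, host)
  return link_host:find(host) ~= nil
end

-- The same call with plain=true compares literal text and works.
local function within_host_plain_find(link_host, host)
  return link_host:find(host, 1, true) ~= nil
end

-- Self-checks on constructed names.
assert(valid_hostname("www.h-online.com"))
assert(valid_hostname("3com.com"))           -- leading digit, RFC 1123
assert(not valid_hostname("-bad.example"))   -- leading hyphen
assert(not valid_hostname("bad-.example"))   -- trailing hyphen
assert(not valid_hostname("a..b"))           -- empty label
assert(within_host("www.h-online.com", "WWW.h-online.com"))
assert(within_domain("www.h-online.com", "h-online.com"))
assert(not within_domain("www.h-online.com.evil.example", "h-online.com"))
assert(not within_host_as_pattern("www.h-online.com", "www.h-online.com"))
assert(within_host_plain_find("www.h-online.com", "www.h-online.com"))
print("all checks passed")
```

Run it with any Lua 5.1+ interpreter (lua example.lua). The within_host_as_pattern check is the one that returns false on a hyphenated name even though both arguments are identical; the plain-text comparisons above it are what a withinhost check should be doing.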

