Nmap Development mailing list archives
Re: [NSE] Lotus Domino httpd version
From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Jan 2013 10:15:11 -0800
On Mon, Jan 28, 2013 at 06:42:06PM +0100, Jesper Kückelhahn wrote:
> I thought a bit more about this, and might it be more useful to generalise this script to extract versions of different web / application servers? This could be a very small list compared to http-fingerprints, including only pages that could be used for version extraction. Domino, Tomcat, Sharepoint, Apache httpd, JBoss AS, Glassfish, WebLogic, WebSphere, .Net, etc could be potential candidates for this list.
I don't want two scripts that are variations on the theme "download lots of URLs, grep them for info." I don't want a second script that is mostly the same as passing a different http-enum.fingerprintfile to http-enum. I don't see a reason to put web application services in a category apart from other HTTP services. It's true that http-enum and http-fingerprints are limited in what they can report; for example, they only allow a line of human-readable output and not structured information like the version and CPE. In this respect your ike-fingerprints is much better designed. I would rather have these feature enhancements added to http-enum than have two scripts that work mostly the same but slightly differently, trying two different lists of URLs, one with richer output than the other.
> What is the rule of thumb for default version detection scripts in regards to http traffic, and net traffic in general?
Downloading a page is fine. Guessing multiple URLs and trying to download them is not, for the default category. Remember that a default version script for HTTP will potentially run for *every HTTP server ever encountered in a scan*, and only a tiny fraction of those servers will be a web application server you're interested in.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/