Nmap Development mailing list archives

Re: [NSE] http-filedownload-exploiter draft


From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 5 Mar 2014 20:08:08 +0200

Hello Israel,

On Fri, Feb 14, 2014 at 04:29:23PM -0300, Israel Leiva wrote:
> I got here for the summer of code and I've been playing around with NSE for
> a while. I'm submitting a (draft) of my first script: it spiders a website
> identifying forced downloads (with Content-Disposition field in the header)
> and tries to do malicious requests, in particular, it tries to download
> itself. I looked at all the http-related scripts and none seems to do
> something similar. This (as you know) happens when the file does not check
> for valid extensions, thus enabling unexpected requests like downloading
> configuration files. This is quite old but a simple Google search tells me
> there are still lots of badly coded websites out there. This is a proposal
> and my first script, so I'm open to any suggestions :-)

Have you checked http-passwd? It is our generic directory traversal script. I
think your code fits better there.

>  * The script uses a set of patterns to identify if a given URL is a
> possible file download. What do you think of this? :isresource function in
> httpspider could be an option to replace this.

isresource is a helper function that helps you identify the resource of a given
URL. It won't help you here since you are interested in more specific patterns.

You should override the default withinhost method and do your checks there.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
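
Added example, not part of the original messages or of any Nmap script: the server-side flaw described in the thread (a forced-download handler that does not check the requested file) next to a hardened resolver. The function names, the extension allowlist and the webroot layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed allowlist; a real site lists only the types it means to publish.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".txt"}

def naive_resolve(base_dir, requested):
    """The flawed pattern: trusts the requested name as given."""
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir, requested):
    """Return the real path to serve, or None if the request is rejected."""
    if not requested or "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # Containment: the resolved path (symlinks followed) must stay under base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    # Extension allowlist: keeps scripts and config files out even when
    # they live inside the served directory.
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Constructed layout: webroot/{download.php,config.php,files/report.pdf}."""
    with tempfile.TemporaryDirectory() as webroot:
        files = os.path.join(webroot, "files")
        os.mkdir(files)
        for rel in ("download.php", "config.php", "files/report.pdf"):
            with open(os.path.join(webroot, rel), "w") as fh:
                fh.write("constructed sample\n")
        requests = {"report.pdf": (files, "report.pdf"),
                    "../download.php": (files, "../download.php"),
                    "abs:config.php": (files, os.path.join(webroot, "config.php")),
                    # Served straight from the webroot: only the extension
                    # check stops the handler returning its own source.
                    "webroot:download.php": (webroot, "download.php")}
        return {label: (os.path.isfile(naive_resolve(base, name)),
                        safe_resolve(base, name) is not None)
                for label, (base, name) in requests.items()}

if __name__ == "__main__":
    for label, (naive, safe) in demo().items():
        print(f"{label}: naive serves={naive} hardened serves={safe}")
```

Each result pair is (naive handler would serve the file, hardened handler would serve the file); only the intended document should be served by both.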

