Nmap Development mailing list archives
Re: NSE script for finding user and admin login pages
From: nnposter <nnposter () users sourceforge net>
Date: Mon, 17 Apr 2017 08:06:08 -0600
Personally I feel both sides have a valid point. On one side, duplicating these fingerprinting efforts is counterproductive and hard to scale. Ideally there should be only one HTTP fingerprinting dataset. At the same time, running http-enum, which by default fires 2,000+ requests, is a non-starter for me in a corporate environment. The categories are too coarse to alleviate the issue.

On 4/17/17 2:13 AM, Rewanth Cool wrote:
> The five categories in the http-fingerprint are general, security, management, printer, database. My idea is to create new categories like php, asp, aspx, jsp and load them with the admin/login pages in their respective categories. I'm thinking to use parameters like these, http-fingerprints.login-pages="php" or http-fingerprints.login-pages="all". I will fetch the extensions from the parameters given by the user as above and then process the results. I will be moving all the admin/login links from the existing http-fingerprints file into the new categories which will be created by me to avoid repetition of duplicate entries in multiple categories in http-fingerprints file.
I am not too keen on representing categories (or super-categories) as parameter names. IMHO we should stick with parameter values.

One method to accomplish dynamic subsets and/or to avoid agonizing over whether a particular page should be in this or that category is to revise the script to allow each fingerprint to be in multiple categories. In the context of Rewanth's example above, http-fingerprints.login-pages=all would still be just http-enum.category=login, but there would be a new construct, xxx.yyy, that represents an intersection of categories xxx and yyy, not a category named "xxx.yyy". This would open up the opportunity to have granular orthogonal categories and even more granular scans, such as:

http-enum.category=printer.login
http-enum.category=login.oracle
http-enum.category=database.login.oracle

Just a thought....

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
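The category-intersection idea in the message above, sketched in Lua as an added example; it is not part of the original post and not code from http-enum or http-fingerprints.lua. The `categories` list on each fingerprint, the helper names and the sample entries are assumptions made for illustration.

```lua
-- Added illustration; not code from http-enum.nse or http-fingerprints.lua.
-- Assumption: each fingerprint carries a hypothetical `categories` list
-- instead of a single category string.

-- Constructed sample fingerprints (names and paths are made up).
local fingerprints = {
  { name = "Example printer admin login", path = "/printer/login.html",
    categories = { "printer", "login", "management" } },
  { name = "Example Oracle console login", path = "/console/login.jsp",
    categories = { "database", "login", "oracle" } },
  { name = "Example Oracle status page", path = "/status",
    categories = { "database", "oracle" } },
  { name = "Example generic robots file", path = "/robots.txt",
    categories = { "general" } },
}

-- Split "database.login.oracle" into { "database", "login", "oracle" }.
local function parse_spec(spec)
  local wanted = {}
  for part in spec:gmatch("[^.]+") do
    wanted[#wanted + 1] = part:lower()
  end
  return wanted
end

-- Return the fingerprints that belong to every category named in the spec.
-- An empty spec selects nothing in this sketch.
local function select_fingerprints(all, spec)
  local wanted = parse_spec(spec)
  local selected = {}
  if #wanted == 0 then return selected end
  for _, fp in ipairs(all) do
    local have = {}
    for _, c in ipairs(fp.categories) do have[c] = true end
    local ok = true
    for _, w in ipairs(wanted) do
      if not have[w] then ok = false; break end
    end
    if ok then selected[#selected + 1] = fp end
  end
  return selected
end

-- Show how each spec narrows the set of paths that would be requested.
for _, spec in ipairs({ "login", "printer.login", "database.login.oracle" }) do
  local hits = select_fingerprints(fingerprints, spec)
  print(("%-22s -> %d of %d probes"):format(spec, #hits, #fingerprints))
  for _, fp in ipairs(hits) do print("    " .. fp.path) end
end
```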