On Mon, Jun 04, 2007 at 02:50:19PM +0200, rin_tin_tin_at_centrum.cz wrote:
>
> I've created a small NSE script for testing SQL Injection. It needs to send correct Host headers in HTTP requests (the same hostname as in the targets list [which is parsed from Google]), but I have no idea how to do it. I tried using host.name, but it's in almost all cases different from the scanned hostname.
> Is there any way to get it? (If the site returns HTTP 302 to me, I can get it from the Location header, but it is not a good solution ;]]
>
> example:
> nmap www.nmap.org -> host.ip = '205.217.153.53' and host.name = 'www.insecure.org'
>
> Thus, is there some function in NSE to get www.nmap.org, not www.insecure.org ...
Hi Mike. I don't think Nmap has a way to get that information right
now. And plus the name put in by the user (if any -- putting in IPs
and networks is probably at least as common as names) isn't
necessarily any more likely to be the web server's official hostname
than the name obtained from reverse DNS.
Your 302 approach actually sounds like a promising idea. If you find
the best name, you could save it in the registry for other scripts.
Also, we're looking at command line options for specifying variables
like this. So your script could first check if a ServerName variable
was set, and use that if it was. Otherwise, it could fall back to
Nmap's host.name.
Thanks for your feedback!
Cheers,
-F
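The fallback order sketched in the reply above (a ServerName variable first, then the poster's 302 Location idea, then Nmap's host.name, with the winner cached in the registry for other scripts), as an added NSE example that is not code from either poster. It assumes the --script-args mechanism that Nmap later added (stdnse.get_script_args), the NSE http library, and a hypothetical script name.

```lua
-- Added example (not from either poster): pick a hostname for HTTP Host headers.
-- Assumes stdnse.get_script_args (the later --script-args feature) and the http library.
local http      = require "http"
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"

description = [[
Picks a Host header value: the ServerName script argument, a name another script
already stored in the registry, the host in a 3xx Location header, or host.name.
]]
author = "example (hypothetical)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

portrule = shortport.http

-- Return the host part of an absolute http(s) URL from a Location header, if any.
local function host_from_location(loc)
  if not loc then return nil end
  return loc:match("^[hH][tT][tT][pP][sS]?://([^/:]+)")
end

-- Resolve the best name for this target and cache it under nmap.registry.servername,
-- keyed by IP so other scripts run against the same host can reuse it.
local function resolve_servername(host, port)
  nmap.registry.servername = nmap.registry.servername or {}
  local cached = nmap.registry.servername[host.ip]
  if cached then return cached, "registry" end

  local name, source = stdnse.get_script_args("ServerName"), "script-arg"
  if not name then
    -- No variable given: try the poster's redirect trick on the site root.
    local resp = http.get(host, port, "/")
    if resp and resp.status and resp.status >= 300 and resp.status < 400 then
      name, source = host_from_location(resp.header["location"]), "3xx Location"
    end
  end
  if not name then name, source = host.name, "host.name" end  -- reverse-DNS fallback

  if name and name ~= "" then
    nmap.registry.servername[host.ip] = name
    return name, source
  end
  return nil
end

action = function(host, port)
  local name, source = resolve_servername(host, port)
  if not name then return nil end
  return string.format("Host header: %s (from %s)", name, source)
end
```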
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jun 04 2007