Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: http-barracuda-dir-traversal.nse
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 20 Jun 2011 18:28:05 +0100

On Sun, Jun 19, 2011 at 07:30:19PM +0200, Patrik Karlsson wrote:

On Jun 14, 2011, at 10:36 AM, Fyodor wrote:

On Thu, Jun 09, 2011 at 10:48:16PM +0200, Patrik Karlsson wrote:
I've sent a proposed solution, a library and a few sample scripts to the

As I didn't get a single comment on it, I simply forgot about it.
I think it's a good solution (obviously as I wrote and posted it), if you
have the time to check it out and think so as well, I'm happy to commit it.
Once committed, new scripts can make use of it and I can start changing
the brute library to use it to.

For what it is worth, I think it is a good idea too.


Thank's Fyodor,

I've committed the credential library along with the changes to the brute library and scripts as r24134.
I also fixed an ugly bug in the brute library that would cancel execution of all scripts if one script requested it.
I would like to commit an additional scripts that summarizes the results of all brute script as a postrule.
I'm attaching it here as well and would like to hear any comments and ideas on which categories to put it in?
* Categories: perhaps you should add the categories of the scripts
  that will use the credential library, but not all of them:
  'auth' and 'vuln' ?

* postrule: you can add a check in the rule to see if the Credentials
  table is not nil and was used, this way we do not run the script (to
  avoid running the post-scan phase if there is noting to report).

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]