Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-dir-brute
From: Ron <ron () skullsecurity net>
Date: Mon, 21 Nov 2011 13:20:52 -0600

No, almost everything should be HEAD. The script checks if HEAD works and falls back to GET if the server doesn't 
support HEAD. 

Ron

On Mon, 21 Nov 2011 14:20:27 +0100 Hani Benhabiles <kroosec () gmail com> wrote:
I missed the long miscellaneous category at the end of the file, my
bad ! Talking about http-fingerprints.lua, is there a reason for
using GET requests when there is no matching applied on the response
body ? e.g:

table.insert(fingerprints, {
    category='general',
    probes={
        {path='/egroupware/', method='GET'}
    },
    matches= {
        {match='', output='eGroupware'}
    }
})

Cheers,
Hani

On Sun, Nov 20, 2011 at 9:49 PM, Patrik Karlsson <patrik () cqure net>
wrote:



On Sun, Nov 20, 2011 at 4:07 PM, Hani Benhabiles
<kroosec () gmail com>wrote:

Hi Patrik,

I know of http-enum but this script serves a rather different
purpose. It works like tools such as OWASP DirBuster, relying on
response code to HEAD requests to discover directories (from
http-folders.txt) independently of the web app. http-enum uses a
larger and more general fingerprints file that requests certain
files (and parse the response content in some cases) to identify
the specific web applications (e.g if '/wordpress/wp-login.php'
contains 'ver=20080708' => WordPress 2.6.x)


Well, that's not entirely true, since 891 of the 894 directories in
http-folders.txt are already checked by http-enum.
Most of them are in the miscellaneous category so you filter on
that using the http-enum.category argument.
Maybe I'm not seeing it right, but I'm not sure that I understand
how this script is any different than what http-enum does.
I'm familiar with OWASPs DirBuster, but I haven't used it for
sometime now, but as I remember it does file, suffix and nested
directory checks too?

Cheers,
//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77





-- 
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault