Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] New httpspider library and http-email-harvest script
From: Martin Holst Swende <martin () swende se>
Date: Thu, 08 Dec 2011 13:43:09 +0100

On 12/06/2011 11:50 PM, Patrik Karlsson wrote:
Hi all,

I've just committed (r27349) a httpspidering library inspired by Paulino's
previous work.
The script http-email-harvest is the first script that makes us of it and
collects e-mail addresses from spidered web content.

Comments and feedback are, as always, welcome.

Cheers,
Patrik
Cool,
Would it be possible to have a prerule script which modifies the
http-library to enable 'sniffing' of different things, such as email.
Consider the following:

nmap --script http-grep, http-enum --script-args
http-grep.harvest="email,stacktraces,plaintext_login,cookienames,
serverbanners"  <target>

For that to work, the http-grep would have to monkeypatch the http
library and add a couple of 'greppers' which would analyse all http
responses before they are
passed to http-enum. Then we could add a bunch of greppers which would
be very simple to implement and could be used anytime http is used, and
leverage existing
http-scripts.

The email-harvest script could be replaced by
nmap --script http-grep, http-spider --script-args
http-grep.harvest="email" <target>

Is it at all possible for a pre-rule script to do this? Would it make
sense?

/Martin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]