Re: [NSE] New script http-unsafe-output-encoding
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 15 Dec 2011 07:20:39 +0100
On Sun, Dec 11, 2011 at 9:56 PM, Martin Holst Swende <martin () swende se> wrote:
On 12/11/2011 08:52 PM, Patrik Karlsson wrote:
I just committed a new script called http-grep. It does pretty much what
the name suggests and enables you to search for patterns within spidered
I've included a few example usages and their responses, but the script can
obviously be used for a lot more:
You're on fire!
I also threw together a script, based on an old tool I wrote a long time
ago and which serves me very well (https://bitbucket.org/holiman/jinx)
I basically ported it to nmap using the new spider. What it does is:
- Checks if a spidered page contained parameters
- If so, checks if any of these were reflected on the page (e.g.,
"foobar" and "funzip" were found)
- If N reflections were found, creates N new urls:
-- The payload is this: ghz>hzx"zxc'xcv
- For each of these N new links, it fetches the content. In the content,
it checks if any of the "dangerous" characters were reflected without
If any such things are found, chances are high this page is vulnerable
to reflected XSS.
Thanks for the contribution Martin! I've renamed the script to
http-unsafe-output-escaping and made some minor cleanup.
It's committed as r27488.
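The reflection check Martin describes, written out in Python as an added example (it is not the NSE script's Lua code and not part of the thread). The payload comes from the post; the URL, parameter names and the three response bodies are constructed stand-ins for pages the spider would fetch.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Payload from the thread: each dangerous character is fenced by unique
# marker triplets, so every character can be checked for independently.
PAYLOAD = "ghz>hzx\"zxc'xcv"
MARKERS = {">": "ghz>hzx", '"': 'hzx"zxc', "'": "zxc'xcv"}


def reflected_params(url, body):
    """Names of query parameters whose value appears verbatim in the body."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [name for name, value in query if value and value in body]


def probe_urls(url, names):
    """One new URL per reflected parameter, with that value set to PAYLOAD."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    urls = []
    for target in names:
        probed = [(n, PAYLOAD if n == target else v) for n, v in query]
        urls.append(urlunsplit(parts._replace(query=urlencode(probed))))
    return urls


def unescaped_chars(body):
    """Dangerous characters that came back without HTML escaping."""
    return [ch for ch, marker in MARKERS.items() if marker in body]


# Constructed responses standing in for fetched pages.
BASELINE = "<p>You searched for foobar in funzip</p>"
RAW = "<p>You searched for ghz>hzx\"zxc'xcv</p>"                  # nothing escaped
ESCAPED = "<p>You searched for ghz&gt;hzx&quot;zxc&#x27;xcv</p>"  # fully escaped
PARTIAL = "<p>You searched for ghz&gt;hzx&quot;zxc'xcv</p>"       # ' left alone

if __name__ == "__main__":
    url = "http://example.test/search?q=foobar&x=funzip&e="
    names = reflected_params(url, BASELINE)  # ['q', 'x']: N = 2 reflections
    for probe in probe_urls(url, names):
        print(probe)
    for label, body in (("raw", RAW), ("escaped", ESCAPED), ("partial", PARTIAL)):
        print(label, unescaped_chars(body))
```

The PARTIAL case is the one worth keeping in a regression suite: a template that escapes `<`, `>` and `"` but not `'` still reports a surviving character, which is exactly what the per-character markers are for.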
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/