Nmap Development mailing list archives

Re: [NSE] http-traceroute
From: Hani Benhabiles <kroosec () gmail com>
Date: Fri, 18 May 2012 18:13:25 +0100

On 05/18/2012 03:07 PM, Henri Doreau wrote:
> Hi Hani,

Hi Henri,

> the script works well and your code is neat and tidy, good job!

Thanks.

> A couple comments:
>    - I think script description should mention that this implementation
> is based on the work of Nicolas Gregoire (nicolas.gregoire () agarri fr)
> and Julien Cayssol (tools () aqwz com).

Added.

>    - I noticed a couple unnecessary variable declarations (line 171,
> "i" doesn't have to be declared, "response" is re-declared line 175).
> There might be other ones. Can you have a look?

Done. Removed "results" too.

> I also have a suggestion. I think the current output should be
> displayed when verbosity level is >0. Otherwise I would suggest that
> you attribute a score to each heuristic you apply, and set a
> threshold. When score is greater than the threshold, default output
> could simply mention that reverse proxies were detected (and give the
> score, as an indicator of accuracy). What do you think?

I added a verbosity script argument defaulting to 0. I prefer your first suggestion and I think it is better to default to a low output size and let people decide if they want a more detailed output rather than automatically choosing for them through a scoring mechanism.

> Also, during initial discussions we were wondering whether the name
> http-traceroute should be changed for something like
> "http-reverse-proxies-detect" or similar. I'd like to have opinions
> from the list about this.

The problem with a name like http-reverse-proxy-detect is that in the future we may write scripts which do the same thing (detecting reverse proxies) but in a different way. Something like http-max-forwards is problematic too as you can't tell what the script does from the name. I believe that it would be better to keep the http-traceroute name unless someone comes up with a better name.

I also believe that we should add the script to the default category given that:
- It is safe.
- It generates low traffic (3 HTTP requests) and has a low execution time.
- No false positives so far with many tests. The technique it uses is very neat!

Regards.


Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

Attachment: http-traceroute.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/