Re: [NSE] http-traceroute
From: Hani Benhabiles <kroosec () gmail com>
Date: Fri, 18 May 2012 18:13:25 +0100
On 05/18/2012 03:07 PM, Henri Doreau wrote:
> The script works well and your code is neat and tidy, good job!
> A couple comments:
> - I think the script description should mention that this implementation
> is based on the work of Nicolas Gregoire (nicolas.gregoire () agarri fr)
> and Julien Cayssol (tools () aqwz com).
> - I noticed a couple unnecessary variable declarations (line 171,
> "i" doesn't have to be declared, "response" is re-declared line 175).
> There might be other ones. Can you have a look?

Done. Removed "results" too.

I added a verbosity script argument defaulting to 0. I prefer your first
suggestion and I think it is better to default to a low output size and
let people decide if they want a more detailed output rather than
automatically choosing for them through a scoring mechanism.

> I also have a suggestion. I think the current output should be
> displayed when verbosity level is > 0. Otherwise I would suggest that
> you attribute a score to each heuristic you apply, and set a
> threshold. When score is greater than the threshold, default output
> could simply mention that reverse proxies were detected (and give the
> score, as an indicator of accuracy). What do you think?

The problem with a name like http-reverse-proxy-detect is that in the
future we may write scripts which do the same thing (detecting reverse
proxies) but in a different way. Something like http-max-forwards is
problematic too as you can't tell what the script does from the name. I
believe that it would be better to keep the http-traceroute name unless
someone comes up with a better name.

> Also, during initial discussions we were wondering whether the name
> http-traceroute should be changed for something like
> "http-reverse-proxies-detect" or similar. I'd like to have opinions
> from the list about this.

I also believe that we should add the script to the default category given
- It is safe.
- It generates low traffic (3 HTTP requests) and has a low execution time.
- No false positives so far with many tests. The technique it uses is
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/