mailing list archives
Re: Please help
From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Jun 2012 13:06:51 -0700
On Fri, Jun 01, 2012 at 11:15:43PM +0100, Hani Benhabiles wrote:
I don't it is necessary, given that there is already a generic test
before launching the brute force.
if ( response.status ~= 401 ) then
return (" \n Path \"%s\" does not require
I agree that it is probably best to use "/" by default, so I just
checked in that change. I also updated the script to use
get_script_args() rather than accessing the registry.args directly.
One thing I noticed while testing my changes is that http-brute
doesn't seem to support HTTP digest auth. When my server asked for
digest auth, the script proceeded to send thousands of useless (in
this case) HTTP basic auth attempts. This would be a very useful (and
probably not too hard) improvement for someone to make. I'll add it
to the script ideas page (https://secwiki.org/w/Nmap_Script_Ideas).
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
Re: Please help Ron (May 31)