Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Please help
From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Jun 2012 13:06:51 -0700

On Fri, Jun 01, 2012 at 11:15:43PM +0100, Hani Benhabiles wrote:

I don't it is necessary, given that there is already a generic test 
before launching the brute force.

if ( response.status ~= 401 ) then
    return ("  \n  Path \"%s\" does not require 
authentication"):format(path)
end

I agree that it is probably best to use "/" by default, so I just
checked in that change.  I also updated the script to use
get_script_args() rather than accessing the registry.args directly.

One thing I noticed while testing my changes is that http-brute
doesn't seem to support HTTP digest auth.  When my server asked for
digest auth, the script proceeded to send thousands of useless (in
this case) HTTP basic auth attempts.  This would be a very useful (and
probably not too hard) improvement for someone to make.  I'll add it
to the script ideas page (https://secwiki.org/w/Nmap_Script_Ideas).

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault