mailing list archives
Re: http-changelog.nse script and GSoC participation.
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Jul 2013 03:17:36 -0700
On Sat, Jun 15, 2013 at 09:12:02PM +0530, Yashin Mehaboobe wrote:
I've made the changes you suggested i.e allow any file to be fingerprinted.
Right now the script takes a resource argument which will point out the
file which is to be hashed. A file containing the hashes for comparison
will be kept in the nselib/data folder. Code is here:
https://gist.github.com/Sp3ctr3/5786362 . The database file is available
I'm a bit confused by the database format at
https://gist.github.com/Sp3ctr3/5788511. The entries don't seem to have
the name of the file that should be hashed to get them. How does the
http-staticfile script at https://gist.github.com/Sp3ctr3/5786362 know
what files to request?
Anyway, I think this approach of a new database and new script is not
the best one. I would rather see the http-enum database augmented with a
new md5 match type. There's really no reason to have separate scripts
that differ only in how they match fingerprints.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
- Re: http-changelog.nse script and GSoC participation. David Fifield (Jul 26)