Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: http-changelog.nse script and GSoC participation.
From: Yashin Mehaboobe <yashinm92 () gmail com>
Date: Wed, 31 Jul 2013 00:51:59 +0530

It can be done by passing a script argument named resource.
Example:
nmap --script http-staticfile.nse --script-args resource=/CHANGELOG.txt HOST

And alright, I'll work on integrating it with the http-enum database.


On Fri, Jul 26, 2013 at 3:47 PM, David Fifield <david () bamsoftware com>wrote:

On Sat, Jun 15, 2013 at 09:12:02PM +0530, Yashin Mehaboobe wrote:
I've made the changes you suggested i.e allow any file to be
fingerprinted.
Right now the script takes a resource argument which will point out the
file which is to be hashed. A file containing the hashes for comparison
will be kept in the nselib/data folder. Code is here:
https://gist.github.com/Sp3ctr3/5786362 . The database file is available
here: https://gist.github.com/Sp3ctr3/5788511

I'm a bit confused by the database format at
https://gist.github.com/Sp3ctr3/5788511. The entries don't seem to have
the name of the file that should be hashed to get them. How does the
http-staticfile script at https://gist.github.com/Sp3ctr3/5786362 know
what files to request?

Anyway, I think this approach of a new database and new script is not
the best one. I would rather see the http-enum database augmented with a
new md5 match type. There's really no reason to have separate scripts
that differ only in how they match fingerprints.

David Fifield




-- 
- Yashin Mehaboobe
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault