mailing list archives
Re: [NSE] http-filedownload-exploiter draft
From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 12 Mar 2014 16:07:27 +0200
On Mon, Mar 10, 2014 at 05:03:38AM -0300, Israel Leiva wrote:
Yes, I've checked http-passwd but I'm not quite sure it fits the purpose of
this script. Yes, the script actually checks for the passwd file, but
_only_ as a last resource, because the webpage may be misconfigured but the
server not necessarily, in that case it won't allow such requests (for
Then you should probably extend the http-passwd script and make it execute all
requests rather than ending on the first successful response. And then you can
add your own payloads / methods as well.
You should override the default withinhost method and do your checks there.
What do you mean with this?
The withinhost option can be overriden by a callback (Check the NSEDoc of
httpspider). You want to do something like:
crawler.options.withinhost = function(url)
(and the rest of your checks...)
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/