Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-filedownload-exploiter draft
From: George Chatzisofroniou <sophron () latthi com>
Date: Wed, 12 Mar 2014 16:07:27 +0200

On Mon, Mar 10, 2014 at 05:03:38AM -0300, Israel Leiva wrote: 
Yes, I've checked http-passwd but I'm not quite sure it fits the purpose of
this script. Yes, the script actually checks for the passwd file, but
_only_ as a last resource, because the webpage may be misconfigured but the
server not necessarily, in that case it won't allow such requests (for
passwd).

Then you should probably extend the http-passwd script and make it execute all
requests rather than ending on the first successful response. And then you can
add your own payloads / methods as well.
 
You should override the default withinhost method and do your checks there.


What do you mean with this?

The withinhost option can be overriden by a callback (Check the NSEDoc of
httpspider). You want to do something like:

crawler.options.withinhost = function(url)
    if crawler:iswithinhost(url)
    and url:match(".*%.php%?.*%.pdf.*")
    (and the rest of your checks...)
        return true
    end
end

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault