Re: [NSE] apache-userdir-enum

[jah <jah () zadkiel plus com>]

On 22/08/2009 22:41, Ron wrote:
> Since duplicating effort is always bad, maybe I'll make a
> http-helper.lua nselib (or maybe even add to http.lua?) the functions
> that let me do this, and document them. Then we can use those for both
> http-enum.nse and apache-userdir-enum. Let me know if you guys think
> it's a good idea and I'll go ahead and do it.
Yes, good idea.
I was looking at an apache log after using http-enum and saw that it did
about 80 requests in under two seconds.  http.lua pipelining has
obviously improved speed enormously and so I think the userdir script
should probably use HEAD requests once you've made the helper functions
available.  I think they should go in http.lua.
Maybe the random string generation that apache-userdir-enum uses would
be a good helper function too.  I saw the "Nmap404Check1250849230"
request and thought to myself, "hmm, think I'll add rewrite rule for
requests like those".
> One little change I'd request, though -- would it make more sense to
> call it http-userdir-enum.nse? I totally missed your script earlier
> because I was looking for http-* scripts (I thought about it today
> when I was looking at DirBuster stuff and found their list of their
> 10,000-most-common userdirs.
I thought the same thing.  In fact it's oversight on my part that I
didn't do a name change when I removed the apache-only restriction from
the userdir script.  I think http-userdir-enum is a better fit.  I'll do
that now.

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org