Nmap Development mailing list archives
Re: [NSE] Script for HTML generator meta tag
From: Michael Kohl <citizen428 () gmail com>
Date: Tue, 10 Jan 2012 21:31:07 +0100
On Tue, Jan 10, 2012 at 4:46 PM, Duarte Silva <duarte.silva () serializing me> wrote:
I have some pointers:
Much appreciated, this is my first "real" Lua program.
- in the script documentation, it's missing the example part;
I added @usage to the documentation if that's what you mean.
- the generator regexp will only match lowercase letters. If it's something like "<META name=(...)", your match will fail;
I know. All the CMSs I checked insert the tag in lowercase, but I'll make sure to change case-insensitive instead.
- what if there is more than one generator tag? Very unlikely, but would we want that to be in the output as well? - take a look at stdnse.format_output (if you decide to check for more than one generator tag, you should return a table);
Thanks for the pointer I don't think I ever saw a site like that, so I'll keep this as a potential feature for a future version, should demand arise.
- I'm not sure about the way you deal with the redirects.
Fair enough. I looked at a couple of scripts to see what they do, and a lot of it seemed rather complicated and/or had some restrictions (BTW: maybe this means there should be a standardized way in one of the libraries). This was the quickest thing I could come up with that worked. I see your point though, so in order to keep it simple, I changed the "while...do..." to an "if...then...", meaning the script now only follows the first redirect. There are other scripts with the same restriction and it works on my set of test sites. Easy enough to add a counter and stop after x redirects if we want to add this later.
Did you tried anything with arguments? It does seem like a good next step (if you already know the logic behind the "action", "portrule" and so on).
No, this is my first NSE script, so I never tried anything with arguments before.
instance, on your script you could add an argument for the web path. Not all web applications are in the '/' directory.
Good point, I added a TODO comment and will implement it at a later stage. Thanks for all the pointers, I'm glad to hear that you'd also use the script, maybe at its current state it's good enough for a first version to include in the main distribution: https://raw.github.com/citizen428/pentesting/master/nmap/nse/generator.nse Michael _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Script for HTML generator meta tag Michael Kohl (Jan 10)
- Re: [NSE] Script for HTML generator meta tag Daniel Miller (Jan 10)
- Re: [NSE] Script for HTML generator meta tag Duarte Silva (Jan 10)
- Re: [NSE] Script for HTML generator meta tag Michael Kohl (Jan 10)
- Re: [NSE] Script for HTML generator meta tag Michael Kohl (Jan 10)
- Re: [NSE] Script for HTML generator meta tag David Fifield (Jan 11)
- Re: [NSE] Script for HTML generator meta tag David Fifield (Jan 12)
- Re: [NSE] Script for HTML generator meta tag Michael Kohl (Jan 13)
- Re: [NSE] Script for HTML generator meta tag David Fifield (Jan 13)
- Re: [NSE] Script for HTML generator meta tag Michael Kohl (Jan 13)
- Re: [NSE] Script for HTML generator meta tag David Fifield (Jan 13)
- Re: [NSE] Script for HTML generator meta tag Duarte Silva (Jan 10)
- Re: [NSE] Script for HTML generator meta tag Daniel Miller (Jan 10)
- Re: [NSE] Script for HTML generator meta tag Michael Kohl (Jan 11)
- Re: [NSE] Script for HTML generator meta tag Brendan Coles (Jan 11)