Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Two new scripts url-snarf, http-auth-finder

From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 29 Jan 2012 16:22:07 +0100
On Sun, Jan 29, 2012 at 3:27 PM, Duarte Silva
<duarte.silva () serializing me>wrote:


On Sunday 29 January 2012 09:26:34 Patrik Karlsson wrote:

Hi all,

I've committed two new scripts:
url-snarf: Sniffs the network for urls in HTTP traffic and dumps them
together with their originating IP
http-auth-finder: Spiders a site and detects web pages requiring HTTP- or
form-based authentication.

Comments and feedback is welcome.

Cheers,
//Patrik


Hi Patrik,

some notes for the url-snarf:
- it's missing the interface argument documentation and in the example
usage,


it should appear as obligatory;

- in line 31, identation problems (/me being picky);

For the http-auth-finder:
- identation in line 59 (/me being picky again :P );

Wondering how http-auth script could take advantage of
"nmap.registry.auth_urls". Maybe if it was a post rule script?

Regards,
Duarte Silva



Thanks I just committed a version that addresses all those issues.
In regards to the nmap.registry.auth_urls, the http-auth script would
simply need a dependencies line containing the http-auth-finder script.
This way the http-auth scripts doesn't run until the http-auth-finder has
finished running.

If someone want's to try to implement the necessary changes in http-auth,
to leverage the auth_urls registry entry, please let me know.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: