[NSE] http-filedownload-exploiter draft

[Israel Leiva <israel.leiva () usach cl>]

Hi guys.

I got here for the summer of code and I've been playing around with NSE for
a while. I'm submitting a (draft) of my first script: it spiders a website
identifying forced downloads (with Content-Disposition field in the header)
and tries to do malicious requests, in particular, it tries to download
itself. I looked all the http-related scripts and none seems to do
something similar. This (as you know) happens when the file does not check
for valid extensions, thus enabling unexpected requests like download
configuration files. This is quite old but a simple google search tells me
there are still lots of bad coded websites out there. This is a proposal
and my first script, so I'm open to any suggestions :-)

Some points I imagine are open to discussion:

 * The script uses a set of patterns to identify if a given URL is a
possible file download. What do you think of this? :isresource function in
httpspider could be an option to replace this.
 * The patterns, combinations and wilcards are just a few. I hope you guys
could contribute with some more ideas.


Cheers.
-- 
israel

Attachment: http-filedownload-exploiter.nse
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/