Re: [Yokoso-devel] Nmap scripts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

We tested this script today a little, after adding our new fingerprints, 
and it seems to work well but we occasionally got false positives. On 
one server specifically, every folder showed up as present, which is 
something we were hoping to avoid. We also get errors once in awhile 
that I'll have to look into.

Overall, however, it seems to work well. Let me know what you think!

Ron

On 08/17/2009 08:13 AM, Justin Searle wrote:
> Thanks Ron.  I'll check it out later tonight.
>
>
> On Aug 16, 2009, at 10:47 PM, Ron wrote:
>
>> Hi all,
>>
>> I just finished adding the ability to parse the yokoso fingerprint
>> file to the http-enum.nse script in Nmap. To use it:
>>
>> 1) Place Yokoso's "fingerprints" file, or a link to it, in Nmap's
>> nselib/data directory (/usr/local/share/nmap/nselib/data by default, I
>> think.. your mileage may vary).
>>
>> 2) Replace your copy of http-enum.nse with the copy I've attached (in
>> case the attachment gets eaten by the listserv, you can get it from
>> http://www.skullsecurity.org/tmp/http-enum.nse )
>>
>> 3) Run Nmap with the following command:
>> nmap --script=http-enum -p80,443 www.javaop.com
>>
>> (www.javaop.com is my site, and I put some randomly-chosen test
>> folders there)
>>
>> Here's the output I get:
>> -
>> $ ./nmap --script=http-enum -p80,443 www.javaop.com
>>
>> Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-16 21:44 CDT
>> NSE: Script Scanning completed.
>> Interesting ports on dsl-208-81-2-52.les.net (208.81.2.52):
>> PORT STATE SERVICE
>> 80/tcp open http
>> | http-enum: /icons/ Icons directory
>> | /images/ Images directory
>> | /sw/auth/login.aspx Citrix WebTop
>> | /images/outlook.jpg Outlook Web Access
>> | /nfservlets/servlet/SPSRouterServlet/ netForensics
>> |_ /nfservlets/servlet/SPSRouterServlet/ netForensics
>> 443/tcp filtered https
>>
>> Nmap done: 1 IP address (1 host up) scanned in 2.94 seconds
>> -
>>
>> If it doesn't work for you, please run with debug enabled (-d) and
>> send me all the output.
>>
>> If you have any other suggestions, please let me know. I haven't sent
>> this to the Nmap list just yet, I wanted to get your opinions/blessing
>> first. I don't really know the best way to distribute it. Kevin had
>> mentioned he'd like to include the script with Yokoso, and I'd like to
>> include your fingerprints file with Nmap, if that's ok. I'm sort of
>> worried if we do both, we'll end up with versioning issues. But we'll
>> see.
>>
>> Thanks, looking forward to your thoughts!
>> Ron
>>
>> --
>> Ron Bowes
>> http://www.skullsecurity.org/
>> <http-enum.nse>------------------------------------------------------------------------------
>>
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>> 30-Day
>> trial. Simplify your report design, integration and deployment - and
>> focus on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.
>> http://p.sf.net/sfu/bobj-july_______________________________________________
>>
>> Yokoso-devel mailing list
>> Yok...@li...
>> https://lists.sourceforge.net/lists/listinfo/yokoso-devel
>
> Justin Searle
> Senior Security Analyst - InGuardians, Inc.
> ju...@in...
> Direct: 801-784-2052
> Fax: 202-318-0235
>

-- 
Ron Bowes
http://www.skullsecurity.org/