Nmap Developmentmailing list archives
RE: Enhanced Version of HTTPtrace.nse
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Fri, 14 Dec 2007 00:28:16 -0000
Thanks for the advice! This is the first time I've touched NSE scripts soI'm not too familiar with all of the things I can do yet (i.e. I didn'trealise I could tailor the output based on the verbosity).It makes total sense to detect the verbosity/debugging level in NSE scripts,especially ones that can produce lengthy outputs. I'll see about modifyingit to use the functions you've mentioned. I suspect I'll display when TRACEis enabled by default (similar to how SSLv2 support is displayed), add theinconclusive messages when using -vv (hopefully this won't be seen thatoften, especially if I can eventually get the script to follow redirects andperform TRACE against files that exist so we can give a more accurateresponse), and return everything when verbosity is higher than 2 (even Idon't usually bother going above 2), unless anyone has any better ideas?I'll also see about using debugging to show additional information, such asthe first line of the returned header, if people set it high enough. I didconsider adding support to check for other verbs like TRACK or DEBUG, butthat would probably mean renaming the script too (this was only meant to bea very simple modification to your script, but I got carried away) ;)I've seen so many automated tools give false positives for TRACE based onOPTIONS, and I use nmap all the time, so I thought it would be nice if Icould combine the two and save myself some manual analysis.Rob-----Original Message-----From: Kris Katterjohn [mailto:katterjohn () gmail com] Sent: 13 December 2007 23:44To: Rob NichollsCc: nmap-dev () insecure orgSubject: Re: Enhanced Version of HTTPtrace.nse<snip>Printing that it is enabled but nothing changed is something that I would consider if -v or -d is set (nmap.verbosity or nmap.debugging) since that is something that can be useful at times. However, printing that it's not enabled is too much output IMO, and I'm pretty sure Fyodor will agree.<snip>_______________________________________________Sent through the nmap-dev mailing listhttp://cgi.insecure.org/mailman/listinfo/nmap-devArchived athttp://SecLists.Org
Current thread:
- Enhanced Version of HTTPtrace.nseRob Nicholls (Dec 13)
- Re: Enhanced Version of HTTPtrace.nseKris Katterjohn (Dec 13)
- Re: Enhanced Version of HTTPtrace.nsejah (Dec 13)
- RE: Enhanced Version of HTTPtrace.nseRob Nicholls (Dec 13)
- RE: Enhanced Version of HTTPtrace.nseRob Nicholls (Dec 13)
- Re: Enhanced Version of HTTPtrace.nseThomas Buchanan (Dec 13)
- RE: Enhanced Version of HTTPtrace.nseRob Nicholls (Dec 14)
- RE: Enhanced Version of HTTPtrace.nseRob Nicholls (Dec 14)
- Re: Enhanced Version of HTTPtrace.nseFyodor (Dec 15)
- RE: Enhanced Version of HTTPtrace.nseRob Nicholls (Dec 14)
- Re: Enhanced Version of HTTPtrace.nseKris Katterjohn (Dec 13)