From 8418f18274af7da9acbf390312ce84c4d911da98 Mon Sep 17 00:00:00 2001 From: fyodor Date: Fri, 27 Dec 2013 03:45:53 +0000 Subject: [PATCH] Minor updates to comments. For example, wanted to clarify that the Nikto http-enum integration was done with cooperation/encouragement from Nikto folks --- nselib/data/http-fingerprints.lua | 2 +- scripts/http-enum.nse | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua index 2e5ad5ce6..16acc9d4a 100644 --- a/nselib/data/http-fingerprints.lua +++ b/nselib/data/http-fingerprints.lua @@ -22,7 +22,7 @@ local table = require "table" -- * It doesn't support sending additional headers for a probe. -- That means, if a nikto fingerprint needs one of the above features, it -- won't be loaded. At the time of writing this, 6546 out of the 6573 Nikto --- fingerprints are being loaded successfully. +-- fingerprints are being loaded successfully. This runtime Nikto fingerprint integration was suggested by Nikto co-author Chris Sullo as described at http://seclists.org/nmap-dev/2013/q4/292 -- -- Although this format was originally modeled after the Nikto format, that ended -- up being too restrictive. The current format is a simple Lua table. There are many diff --git a/scripts/http-enum.nse b/scripts/http-enum.nse index f99ae407e..365ac489d 100644 --- a/scripts/http-enum.nse +++ b/scripts/http-enum.nse 
@@ -9,13 +9,13 @@ local table = require "table" description = [[ Enumerates directories used by popular web applications and servers. -This parses a fingerprint file that's formatted in a way that's compatible with the Nikto Web application +This parses a fingerprint file that's similar in format to the Nikto Web application scanner. This script, however, takes it one step further by building in advanced pattern matching as well as having the ability to identify specific versions of Web applications. -You can, however, parse the nikto database using http-fingerprints.nikto-db-path. This will try to parse +You can also parse a Nikto-formatted database using http-fingerprints.nikto-db-path. This will try to parse most of the fingerprints defined in nikto's database in real time. More documentation about this in the -nselib/data/http-fingerprints file. +nselib/data/http-fingerprints.lua file. Currently, the database can be found under Nmap's directory in the nselib/data folder. The file is called http-fingerprints and has a long description of its functionality in the file header.
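Review bot: In the nselib/data/http-fingerprints.lua hunk, the added sentence is appended to the existing comment line ("-- fingerprints are being loaded successfully. This runtime Nikto fingerprint integration was suggested by ..."), which makes that one line far longer than the wrapped comment lines around it. Please rewrap it across several "-- " lines to match the rest of the header, and end the sentence with a period after the seclists.org URL so that it does not run into the empty "--" line that follows.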
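Review bot: In the scripts/http-enum.nse hunk, the description now points to "nselib/data/http-fingerprints.lua", but the unchanged paragraph right after it still says "The file is called http-fingerprints", so the same file is named two different ways within a few lines. Suggest updating that trailing sentence to use http-fingerprints.lua as well. The capitalization is also mixed: the new text writes "Nikto-formatted database" while the next line keeps "nikto's database"; picking "Nikto" throughout would keep the description consistent.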