golismero-legacy
golismero-legacy copied to clipboard
HTExploit scan plugin
A plugin that implements the HTExploit attack.
The attack is simple enough (using a fake HTTP verb) that we may not need to use HTExploit code at all - it may even be better to include the code directly into another plugin, like the bruteforcer.
For more information on this attack, see: http://www.alertlogic.com/blackhat-review-of-htaccess-tricks/
Possibly the easiest way is just adding the functionality to the Web Fingerprint plugin, since it's already trying invalid methods. Same goes for testing the TRACE method BTW - if enabled that should be reported as a vulnerability.
That won't work, we need to integrate it with the bruteforcer instead.
If this can be done for the next beta, go for it, otherwise just move it to the other milestone and we'll see it later...
I agree. It’s not really necessary for this beta.
El 03/02/2014, a las 18:41, Mario Vilas [email protected] escribió:
If this can be done for the next beta, go for it, otherwise just move it to the other milestone and we'll see it later...
— Reply to this email directly or view it on GitHub.