Re: [W3af-develop] Regular expression recommendation for privateIP grep plugin

Wed, 21 Jan 2009 18:00:03 -0800 

Sertan,

On Wed, Jan 21, 2009 at 10:36 PM, Sertan Kolat
<ser...@mlists.olympos.org> wrote:
> Hi Andres,
>
> It is now more clear, yes I misunderstood at first.
>
> See if this works for you.
> (?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}(?!\d)

I wished I could write regular expressions like you =)

Just commited the change to the grep.privateIP plugin, please note
that I slightly modified your regex in order to disallow dots at the
end of an IP. To understand what I mean, you can do this test:

- Do not perform a "svn up", and run this:    ./w3af_console -s
scripts/script-private_ip.w3af
- Analyze the results, and analyze the contents of the target URL

- Now perform a "svn up", and run the script again.
- Analyze the results

- Finally, modify the plugin in such a way, that your regex (the one
in this email) is run.
- Analyze the results, you'll find that some false positives are there!

> My tests: http://dpaste.com/111703/

Thank you very much for your contributions! You are welcome to keep on
contributing with whatever you want. If you aren't sure about what to
do... just ask in this same mailing list (please start a new thread).

Cheers,

> Sertan
>
> On Thursday, January 22, 2009, 1:12:23 AM, you wrote:
>
>> I WANT to match '10.1.1.2' in '123_10.1.1.2a'! I'm sorry if I gave you
>> a wrong idea.
>> What I DON'T want to match is  '10.1.1.222' in  '10.1.1.2222', do you
>> get the slight difference?
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>



-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to