From 1263089a5292ec5c4efdbca5f78a0f88d2c9cff4 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 12 May 2026 21:00:42 +0000
Subject: [PATCH] Add a todo comment. Closes #552

---
 scripts/http-form-fuzzer.nse | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/http-form-fuzzer.nse b/scripts/http-form-fuzzer.nse
index 6c1e3ccfa..a25b25e43 100644
--- a/scripts/http-form-fuzzer.nse
+++ b/scripts/http-form-fuzzer.nse
@@ -16,9 +16,6 @@ determine if the fuzzing was successful.
 -- We consider an error to be either: a response with status 500 or with an empty body,
 -- a response that contains "server error" or "sql error" strings. ATM anything other than
 -- that is considered not to be an 'error'.
--- TODO: develop more sophisticated techniques that will let us determine if the fuzzing was
--- successful (i.e. we got an 'error'). Ideally, an algorithm that will tell us a percentage
--- difference between responses should be implemented.
 --
 -- @output
 -- PORT   STATE SERVICE REASON
@@ -47,6 +44,10 @@ determine if the fuzzing was successful.
 -- defaults to 310000
 --
 
+-- TODO: develop more sophisticated techniques that will let us determine if the fuzzing was
+-- successful (i.e. we got an 'error'). Ideally, an algorithm that will tell us a percentage
+-- difference between responses should be implemented.
+-- TODO: See https://github.com/nmap/nmap/issues/552 for more ideas
 author = {"Piotr Olma", "Gioacchino Mazzurco"}
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"fuzzer", "intrusive"}