Re: Nmap Fingerprint Submitter 2.0

[Fyodor <fyodor () insecure org>]

On Sun, Jun 10, 2007 at 10:40:03PM -0700, doug () hcsw org wrote:
> We can also take advantage of a smarter javascript based client to add
> some useful features that should both make it more convenient to
> submit to and produce better meta-fingerprint information. I think with
> a more intuitive interface we can squeeze even more information out of
> the collective knowledge and experience of the Nmap community through
> fingerprint submissions and still make the overall process faster/easier!

Hi Doug!  I played with the new system some tinight and love it so
far!  This should definitely make submitting fingerprints easier, and
produce more accurate data for us when we integrate them.

Here are some notes I took while testing:

o The "submit" button currently gives me a 404 error, so I wasn't able
  to test beyond playing with the form fields.

o The number in parens in the OS classification section should
  probably be the total number of fingerprints matching the vendor/os
  family.  Right now it is just the number of "child" choices.  For
  example, "Linux" as the Vendor should probably say "(264)" rather
  than "(1)" as it says now.

o I like the stats line up top :)

o Your script demonstrates the need to canonicalize the OS types,
  etc.  I see things like:
    Windows (697)
    windows (1)
    print server (57)
    Print Server (1)
    broadband router (58)
    broadband-router (2)

  I added an item for this in the Nmap TODO.

o The "Enter your name and e-mail address" field should probably give
  an example of the format people should use.  E.g. "Fydoor
  <fyodor () insecure org>".  The exact format people use may not matter
  much, but an example keeps people from wondering whether the format
  they use is OK.

o At least for OS detection (might be useful for version too), I'd
  like to see a question like "How do you know the system is running
  this OS?".  It could be a choosebox with answers like:

= I'm just guessing!
= System owner told me what was running
= I own or administrate the system and am certain of the OS
= Other

o I'd like to be able to ask more questions based on what they choose
  for the "OS Name" field.  For example, if they choose Windows I'd
  like to add a field for winver results.  And if they specified
  Linux, I'd like to ask for uname -a and the distribution name and
  version.  I'd like the uname -a results for other UNIX systems as
  well.  All of the questions would be single-line form fields, so
  maybe that limitation would help in adding a generic system for
  doing this.

o For the version fingerprint submissions system, you might find it
  useful to have a checkbox in the OS section which says something
  like "This application is _not_ supported on other operating
  systems" than the one they specified.  If this is checked (and the
  user is correct), the generated signature can be augmented with the
  OS line.

o One the bottom of the page you can note that problems/bug reports
  should be sent to nmap-dev () insecure org .

o I like the "service name" interface for version detection
  submissions :).

Good work, I'm looking forward to getting this set up on Insecure!  It
definitely beats the "mail your corrections to Fyodor" instructions up
there now!

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org