Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts


From: Kris Katterjohn <katterjohn () gmail com>
Date: Mon, 12 May 2008 15:34:46 -0500


Fyodor wrote:
> Does anyone have concrete reasons why it is important to enumerate the
> full list of supported SSL2 ciphers?  If not, I suggest that we change
> the script to only print those in debugging mode or when verbosity
> level is at least 2.  With that change, I think it is reasonable to
> keep the script default.


I've attached a patch to change this.  I've also pasted in the newest
list below (I've kept SSLv2-support on the Non-Default list for now in
case there is a good reason to keep it as-is).


Default:

* anonFTP
* dns-test-open-recursion - Is this useful often enough?
* finger
* ftpbounce
* HTTPAuth
* HTTP_open_proxy
* MSSQLm
* MySQLinfo
* nbstat
* RealVNC_auth_bypass
* robots
* rpcinfo
* showHTMLtitle
* showOwner
* SMTPsysdesr
* SSHv1-support
* UPnP-info

Not Default:

* bruteTelnet - Too intrusive and slow
* chargenTest - Obscure / "demo"
* daytimeTest - Obscure / "demo"
* echoTest - Obscure / "demo"
* HTTPpasswd - A bit too intrusive and probably not useful enough
* HTTPtrace - Not default material
* iax2Detect - "version"
* ircServerInfo - I don't think this is default material (but I'm also
not an IRC user)
* ircZombieTest - "malware"
* kibuvDetection - "malware"
* netbios-smb-os-detection - I want this to be default, but it's "version"
* PPTPversion - "version"
* promiscuous - I don't think it's useful enough
* ripeQuery - Abusive to RIPE
* showHTTPversion - Obscure / only category is ""
* showSMTPVersion - Obscure / "demo"
* showSSHVersion - Obscure / "demo"
* skype_v2-version - "version"
* SMTPcommands - Too much output currently
* SMTP_openrelay_test - "demo" because of "real hostname" issue
* SQLInject - Obvious reasons  :)
* SSLv2-support - Produces quite a bit of output -- I submitted a patch
* strangeSMTPport - Obscure / "backdoor"
* xamppDefaultPass - "vulnerability"
* zoneTrans - Just doesn't seem like default material IMO

> Cheers,
> -F

Thanks,
Kris Katterjohn

Index: scripts/SSLv2-support.nse
===================================================================
--- scripts/SSLv2-support.nse   (revision 7475)
+++ scripts/SSLv2-support.nse   (working copy)
@@ -202,15 +202,13 @@
 -- actually run some tests:
        if (ssl_version == string.char(0x00, 0x02)) then
                return_string = "server still supports SSLv2\n";
+       else
+               return
        end
 
-       available_cyphers = cyphers(cypher_list, cyphers_len);
-
-       if (    string.len(return_string) > 0
-       or      string.len(available_cyphers) > 0) then
-                       return return_string .. available_cyphers;
-       else
-                       return;
+       if (nmap.verbosity() > 1 or nmap.debugging() > 0) then
+               available_cyphers = cyphers(cypher_list, cyphers_len);
        end
 
+       return return_string .. available_cyphers;
 end
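
Review bot: In the final `return return_string .. available_cyphers;`, `available_cyphers` is only assigned inside the `nmap.verbosity() > 1 or nmap.debugging() > 0` branch, so at default verbosity the concatenation relies on a value set somewhere outside this hunk; if it is nil at that point, Lua raises an error on `..` instead of returning the "server still supports SSLv2" line. Initialise it to an empty string before the `if` (ideally as a `local`, since the visible assignment creates a global), or return `return_string` alone when the cipher list is skipped. The new `else return` also means ciphers are never reported unless the version check matched, which the removed `string.len(available_cyphers) > 0` condition allowed; if that is intended it deserves a line in the commit message.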
