Nmap Development mailing list archives

RE: [RFC] New NSE script for MySQL database servers


From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Sun, 6 Apr 2008 20:12:12 -0500

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Fyodor
Sent: Saturday, April 05, 2008 3:23 PM
To: Thomas Buchanan
Cc: Nmap-dev
Subject: Re: [RFC] New NSE script for MySQL database servers


Nice.  What is the status on this script?  Is it nearing a state where
you think it could be included with Nmap?

Cheers,
-F


There are still a couple of things that I think need to be addressed
before it should be included with Nmap, and I'm not sure how to proceed
on them.  First off, the script relies on an interface from NSE to the
OpenSSL library, which I posted about a few months ago [1].  The patches
attached to that email only supported *nix-based systems; they did not
include an option to build for Windows.  Since then, I've worked some
more on building Nmap on Windows with OpenSSL support, and came up with
a repeatable solution for compiling OpenSSL from source, and then
compiling Nmap to link against that [2].  This worked well for me, and I
updated my NSE / OpenSSL patches to include the Windows build system as
well, but I haven't gotten around to posting that patch to the list yet.

However, I'm not convinced that my simplistic attempt at creating NSE
bindings for OpenSSL was very suitable.  They only provide an interface
to two functions (md5 and sha1), which were all I needed for the NSE
scripts that I was working on at the time.

I wonder if any of the SoC students might be interested in developing a
more comprehensive OpenSSL binding for NSE.  I'd be happy to go into
more detail about what I've done so far if anybody is interested and has
questions about it.  If there doesn't appear to be any interest, I'll take
a look at updating my patches to the latest SVN code, and posting them
to the list for review.  If I go this route, I'll probably try to expand
the coverage of my bindings, as Brandon recently indicated some
additional OpenSSL routines that might be handy to have [3].

Thanks,

Thomas

[1] http://seclists.org/nmap-dev/2007/q4/0472.html
[2] http://seclists.org/nmap-dev/2008/q1/0260.html
[3] http://seclists.org/nmap-dev/2008/q1/0533.html

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

