Nmap Development mailing list archives
Re: General Webdav NSE script and the new IIS6 vulnerability
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 19 May 2009 16:40:45 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fyodor wrote:
But that security-basics thread also highlighted an old, more general Webdav script from Kris which some people were using to help find potentially vulnerable systems (those with IIS6+WebDAV enabled): http://ack-rst.com/scripts/webdav.nse
It's good to see people using a script I wrote but completely forgot about, especially when I can see code comments I don't remember like "'OPTIONS *' may seem like a good idea (it did to me), but it blows" :-) Upon first glance it appears that the script hosted on ack-rst is the same as the one I originally posted to nmap-dev, aside from them copying part of my email into the description field: http://seclists.org/nmap-dev/2008/q1/0267.html
So my questions are: 1) What is the status of this script? Is it ready to be cleaned up and integrated? I suppose it would need NSEDoc comments, but is there anything else missing or restructuring needed? Maybe Kris can let us know his thoughts on this.
I haven't been able to really keep up with recent NSE stuff, but here's what I see that needs to be looked at: 1) NSEDoc stuff, as you said 2) I think the id field needs removing 3) License text needs updating 4) Possibly recategorized, but Discovery seems fine for now All but #1 should be incredibly simple since they're just minor changes.
2) Do people want this script in Nmap? Anyone want to test it out and report back to nmap-dev how it worked for you, whether it would be useful for you going forward, and any suggestions you might have for improving it?
I'd love to hear any feedback on this! It can probably be improved, but unfortunately my Lua is worse now than when I wrote that script way back when.
Cheers, -F
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJKEydcAAoJEEQxgFs5kUfupzsQALyBEfBrFoPdrLO9P6684tW2 64eAr7c7E8G71mG7dtQChZJdKU4J4Fm3HrVzwt2fWS3Gjm4IFmZ1wxd2lCEYJQuF fkgPCgwDMGHbZ7vImU5fWpllnvkVWkU7FYc9GfE/yFPbphTRWIy/+9NkccjBwY53 7pCvDckQoOpFN4MfH0muZuMwvxxvRUrNcDScLSOCDGp8FHHzNVnD6rrMjNbecdH5 8egmdPg83IVnIEJtSaFcE1dDyVJLcQwyfW4LpJl7h/2PVOTXUe1Ub53GTIqDaNLX z1QctaIFgG65UJ04jO31GcSd/GtMTH7G3/qtqpQQDaRJXosR5Zv4DxPqdjK6/e1H OlAkbOrcIWk+SOXGBWtwVnB/1MHm86wJVEm65vpcmBW+tK0bVGP69F9eHCIYZ7KE Dk68Qp+p44QuTEYW4xcvsbAUJ74baWZHYgNDQgVt2h5dSbyqGSrUEDCFvbqI69XI PCiE07+VGpkwOXMjitWSNqcoE/f6I40UgYORyOqM5RBT8RZkGAthKhgnsoEOd5sx 2vknVGGCfDJbRyWI5kUS4anQfMgRw5Z7FjJnKcMef3Iy0i7Vlibl3CoSlzbP9T19 Dg2tTg2RfCKA4+Ya/CBc+kRivAZeRwdgjYguyA6RyikQa5efkpUkQ9v3FbC7C7Ca ote9JK4XrAfSokP/qHTh =8zOX -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- General Webdav NSE script and the new IIS6 vulnerability Fyodor (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Kris Katterjohn (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Gutek (May 20)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)