Nmap Development mailing list archives
Re: NSE output verbosity (p2p-conficker)
From: Ron <ron () skullsecurity net>
Date: Wed, 03 Jun 2009 21:35:13 -0500
Fyodor wrote:
I was just going to send this to Ron, but then decided on nmap-dev after my thoughts wandered a bit beyond the initial topic ... I was just scanning my linux localhost (with Samba listening on 139) and noticed in the default script output: | p2p-conficker: Checking for Conficker.C or higher... | | Check 1 (port 49055/tcp): CLEAN (Couldn't connect) | | Check 2 (port 28593/tcp): CLEAN (Couldn't connect) | | Check 3 (port 4348/udp): CLEAN (Failed to receive data) | | Check 4 (port 25691/udp): CLEAN (Failed to receive data) |_ |_ 0/4 checks: Host is CLEAN or ports are blocked Since the upcoming stable version of Nmap may be used for a long time, I don't think we want this much output from p2p-conficker for a default scan. It should probably be changed to either only provide output if a problem is found (or verbosity 2+), or it should probably be removed from the default category. Another idea is to make it easy for scripts to tell if they were specified by name on the command line. Then they could increase their personal verbosity level a couple points. That way the detailed p2p-conficker results could only be printed if -vv or if the user specified something like "--script p2p-conficker" on the command line, but not for a default script scan. The theory behind this is that someone who specifies p2p-conficker on the command line is showing a particular interest in that script and likely wants to see proof that it has run, etc. But someone who just gets p2p-conficker by default is less likely to want an "all clean" report from every default script. The immediate need is to do something about p2p-conficker, but the latter idea might be a useful post-stable improvement. If anyone else wants to mention any scripts which could use output cleanup before the stable release, now is your chance to speak up about them (or even send a patch!) Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
I totally agree.. I can reduce the output for now, that's easy enough. How soon are you hoping to build the final version? This is a crazy week for me, but I can do it on the weekend. -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NSE output verbosity (p2p-conficker) Fyodor (Jun 03)
- Re: NSE output verbosity (p2p-conficker) Kris Katterjohn (Jun 03)
- Re: NSE output verbosity (p2p-conficker) Ron (Jun 03)
- Re: NSE output verbosity (p2p-conficker) Ron (Jun 04)
- Re: NSE output verbosity (p2p-conficker) Fyodor (Jun 04)
- Re: NSE output verbosity (p2p-conficker) Ron (Jun 04)
- Re: NSE output verbosity (p2p-conficker) Fyodor (Jun 04)
- Re: NSE output verbosity (p2p-conficker) Ron (Jun 04)
- Re: NSE output verbosity (p2p-conficker) Ron (Jun 04)