Nmap Development mailing list archives

Re: ftp-brute.nse overhaul

From: Ron <ron () skullsecurity net>
Date: Sat, 19 Sep 2009 01:34:27 -0500

On 09/19/2009 12:54 AM, Fyodor wrote:

Well, ftp-anon is one of our default scripts.  Checking whether a
discovered FTP server allows anonymous access is (arguably) OK by
default, but a brute force password guessing attack is not.  So it may
be best to leave them separate, but factor out any common code into a
library.

Cheers,
-F

Realistically, the code in ftp-anon.nse, though it needs a little bit offixing (it isn't buffering lines properly), is so short that factoringout the code doesn't really matter.

That being said, if there are more ideas for FTP, I can create a ftp.luanselib and put the important code in there. But, I don't really thinkthat's necessary. We'll see, though.. it couldn't hurt.


That's a good point about ftp-anon.nse being default; I'll leave it as is.

Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

ftp-brute.nse overhaul Ron (Sep 18)
- Re: ftp-brute.nse overhaul Fyodor (Sep 18)
  - Re: ftp-brute.nse overhaul Patrick Donnelly (Sep 18)
    - Re: ftp-brute.nse overhaul Ron (Sep 18)
    - Re: ftp-brute.nse overhaul Fyodor (Sep 18)
    - Re: ftp-brute.nse overhaul Ron (Sep 18)
  - Re: ftp-brute.nse overhaul Ron (Sep 18)