Nmap Development mailing list archives
[NSE] IDS behavior detection scripts
From: Joao Correa <joao () livewire com br>
Date: Mon, 8 Mar 2010 03:50:01 -0300
Hello guys, These two scripts were very helpful to me a few days ago, while configuring and testing an IDS in a server. Maybe they could be useful to someone else. The main objective of these scripts is trying to identify IDS (or should I call it IPS?) behaviors such as detecting and blocking sql-injections and directory enumeration. I believe that the scripts are self-explained, but if you have any question, I'll be here to answer. If you guys decide that these scripts are interesting enough to be merged to the main trunk, I think that maybe they should get better names and a better output. The scripts were successfully tested against OSSEC HIDS and it would be great if someone could test them against different IDSs. Also, do you guys have any idea of IDS behaviors that could be detected using nmap scripts? I would be interested in coding these scripts =). Maybe we could find some interesting scripts to different services IDS (not only HTTP). Thanks, João.
Attachment:
http-ids-enum.nse
Description:
Attachment:
http-ids-sql-injection.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] IDS behavior detection scripts Joao Correa (Mar 07)
- Re: [NSE] IDS behavior detection scripts David Fifield (Mar 29)
- Re: [NSE] IDS behavior detection scripts Joao Correa (Mar 29)
- Re: [NSE] IDS behavior detection scripts David Fifield (Mar 29)
- Re: [NSE] IDS behavior detection scripts Joao Correa (Mar 29)
- Re: [NSE] IDS behavior detection scripts Joao Correa (Mar 29)
- Re: [NSE] IDS behavior detection scripts David Fifield (Mar 29)