Nmap Development mailing list archives
Re: Google Search Appliance version script
From: Fyodor <fyodor () insecure org>
Date: Tue, 25 Jan 2011 21:50:24 -0800
On Sun, Jan 23, 2011 at 04:47:31PM -0500, Matt Selsky wrote:
Attached is a script to grab version information from a Google Search Appliance via the "About" page.
Thanks for sending this. I only had a couple minutes to read through it, but I'll send some quick feedback anyway: o It looks like this will make two HTTP requests to /EnterpriseController against every web server found. Given that the vast majority of web servers are NOT Google Search Appliances, this might be too much overhead for a "default" script. Can version detection already detect GSA? If not, maybe new signatures could be added so it does? If this script only performed the requests against GSA machines, it would be more suitable for the default category. But if we took it out of default, I imagine that it often wouldn't get used even when it is going against a GSA server just because the user didn't know to enable the script. o Anothe issue arises with single purpose scripts like this. One could see this functionality being useful for all sorts of appliance-style devices, including my Linksys access points, printer web admin, etc. Does it make sense to have individual scripts for each (meaning we could end up with dozens, hundreds, or thousands of them), or try to put all the detection functionality in one http discovery script? I'm not sure. Nessus and OpenVAS have tens of thousands of scripts because they tend to create a new script for every single obscure test rather than combine them into fewer, more powerful scripts. Nmap, on the other hand, tends to have fewer but more complex scripts. We've seen this issue in other recent script submissions such as eig.nse, which uses an HTTP request to check if the device reports itself as an "Electro Industries / Guagetech 'Nexus' smart meter". I'm not sure where to draw the line here or what the best policy is, but I figured it is worth raising the issue. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Google Search Appliance version script Matt Selsky (Jan 23)
- Re: Google Search Appliance version script Fyodor (Jan 25)
- Re: Google Search Appliance version script David Fifield (Feb 04)
- Re: Google Search Appliance version script Fyodor (Jan 25)