Nmap Development mailing list archives
Re: [RFC] Improve NSE HTTP architecture.
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 20 Jun 2011 11:39:13 +0100
On Mon, Jun 20, 2011 at 05:14:17AM -0400, Patrick Donnelly wrote:
> On Sun, Jun 19, 2011 at 4:09 PM, Djalal Harouni <tixxdz () opendz org> wrote:
>> On Thu, Jun 16, 2011 at 05:17:50PM -0700, Fyodor wrote:
>>> That would be easy to add, but I worry about what scripts would do with the information. For example, suppose we have http-enum do vuln checks if the 'vuln' category was selected. Well, then what if the user just specified script names specifically (which may or may not be in vuln category)? What if user specified --script=all?
>>>
>>> Maybe rather than try to reimplement the category selection functionality, the script(s) could be made to work with it. For example, if the shared work is done in a library anyway, maybe you could have a small http-enum-vuln script which users could enable by name or category or whatever.
>>
>> Yes another small script like http-enum-vuln, that will load 'vuln' or 'exploit' fingerprints or matches is a good solution, this way we avoid the one-script-per-vuln, especially if that check is only 5 Lua instructions. And loading fingerprints based on their categories should be done by a library code.
>>
>> So I'll say: a script that will load the 'intrusive', 'exploit', 'dos' and 'vuln' fingerprints and matches, can be a popular script.
>>
>> My main point on this is to use the same NSE categories, and not extra categories like 'attack', etc. The 'app' field in the fingerprint table can be used to identify the application type.
>
> How about having each fingerprint get a single category. Then you can organize the fingerprints into separate http-fingerprint-<category> scripts:
>
> http-fingerprint-intrusive
> http-fingerprint-discovery
> http-fingerprint-vuln

Yes, http-fp-vuln, http-fp-discovery, http-fp-dos, http-fp-auth, etc.

But I'm not sure for the "each fingerprint get a single category". I think that the 'vuln' and 'exploit' fingerprints can be in the same http-fp-vuln file (I'm not sure).

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/