Nmap Development mailing list archives
Re: [NSE] Round 2: Update some scripts' categories
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 13 Jul 2011 08:48:36 +0200
On Jul 13, 2011, at 1:05 AM, Djalal Harouni wrote:

> On Tue, Jul 12, 2011 at 08:25:34PM +0200, Patrik Karlsson wrote:
>> On Jul 12, 2011, at 7:59 PM, Djalal Harouni wrote:
>>> In this second list I've tried to add the 'default' category to the
>>> scripts which I think deserve it, however perhaps others will disagree
>>> so feedback is welcome.
>>
>> I've added some comments on the scripts that I know anything about.
>>
>>> This will affect Nmap's default behaviour.
>>>
>>> o smb-mbenum.nse:
>>> -categories = {"discovery", "safe"}
>>> +categories = {"default", "discovery", "safe"}
>>>
>>> Add the default category if the script can get the info without
>>> authentication, especially if it can run without specific script
>>> arguments.
>>
>> The script can run without any arguments but I have two concerns, that
>> may not make it suitable for the default category.
>>
>> 1. In most cases, when run against a server that does not have a master
>> browser role the script will return the name of the server under each
>> and every category, like this:
>>
>> Host script results:
>> | smb-mbenum:
>> |   DFS Root
>> |     SERVER1 0.0 SERVER1
>> |   Potential Browser
>> |     SERVER1 0.0 SERVER1
>> |   Print server
>> |     SERVER1 0.0 SERVER1
>> |   Server
>> |     SERVER1 0.0 SERVER1
>> |   Server service
>> |     SERVER1 0.0 SERVER1
>> |   Unix server
>> |     SERVER1 0.0 SERVER1
>> |   Windows NT/2000/XP/2003 server
>> |     SERVER1 0.0 SERVER1
>> |   Workstation
>> |_    SERVER1 0.0 SERVER1
>>
>> This doesn't really provide a lot of useful information in addition to
>> being able to fingerprint the server as Terminal Server, SQL server etc.
>> However, there are other scripts or simply indication of open ports that
>> may do this. A potential solution would be to change the output to be
>> more condensed if a single server is detected.
>>
>> 2. When run against a master browser it really provides a lot of value,
>> as it will tell you the names of all available terminal servers, sql
>> server, print servers etc. registered for that domain. In order to know
>> which server to query (the master browser) you need to discover it using
>> the broadcast-netbios-master-browser script or another method of your
>> choice.
>>
>> When querying a master browser of a potentially large domain, this
>> script may generate a *lot* of output which may or may not make it
>> suitable for the default category.
>
> Ok, rejected.
>
>>> o giop-info.nse
>>> -categories = {"discovery", "safe"}
>>> +categories = {"default", "discovery", "safe"}
>>
>> This should be no problem.
>
> Approved.
>
>>> o vnc-info.nse
>>> -categories = {"discovery", "safe"}
>>> +categories = {"default", "discovery", "safe"}
>>
>> I think this is a good idea as it may discover servers not requiring a
>> password for the VNC service.
>
> Approved.
>
>>> o ncp-serverinfo.nse
>>> -categories = {"discovery", "safe"}
>>> +categories = {"default", "discovery", "safe"}
>>
>> Sounds good to me.
>
> Approved.
>
>>> o smb-security-mode.nse
>>> currently: {"discovery", "safe"}
>>>
>>> Perhaps we should add the 'vuln' category to this one. And if the
>>> script can retrieve that info without authentication, then perhaps we
>>> can make it in the 'default' category.
>>>
>>> o afp-serverinfo.nse
>>> -categories = {"discovery", "safe"}
>>> +categories = {"default", "discovery", "safe"}
>>>
>>> If it can retrieve that info without authentication, then adding the
>>> 'default' category seems ok for me.
>>
>> Yes, this is all requested without authentication. Adding it to default
>> sounds reasonable to me.
>
> I've just tried running smb-security-mode on a large network, and it
> produces good useful info, however in rare cases it can require a
> username/password as it's stated in the NSEDoc of the script.
>
> I'll wait for further feedback on this one and for the
> afp-serverinfo.nse
>
> Thanks Patrik!
>
> --
> tixxdz
> http://opendz.org

I think you should add the afp-serverinfo too :)

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
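
Review bot: the smb-mbenum.nse change (adding "default" to its categories) is not supported by the sample output quoted with it. Against a host that is not a master browser, the same SERVER1 entry is repeated under all eight categories, and against a master browser of a large domain the output size is unbounded. Drop this change from the round and revisit it only once the script condenses the single-server case, as the reply suggests. The afp-serverinfo.nse change has a confirmation that the data is requested without authentication, so its remaining open question is only whether the output is wanted on every default scan.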