Nmap Development mailing list archives
Re: [NSE] New script: http-qnap-nas-info.nse
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 29 Jan 2012 17:07:49 +0100
On Sun, Jan 29, 2012 at 3:03 PM, Duarte Silva <duarte.silva () serializing me>wrote:
On Sunday 29 January 2012 23:53:55 you wrote:Hi nmap-dev, Attached is http-qnap-nas-info.nse which attempts to retrieve the model, firware version, and enabled services from a QNAP Network Attached Storage (NAS) device. It has been test on models: TS-859, TS-639, TS-509, TS-459, TS-419,TS-239,TS-219, TS-209, TS-101 Example output: PORT STATE SERVICE REASON 443/tcp open https syn-ack | http-qnap-nas-info: | Device Model: TS-859 | Firmware Version: 3.2.5 | Firmware Build: 0410T | Force SSL: 0 | SSL Port: 443 | WebFS Enabled: 1 | Multimedia Station Enabled: 0 | Multimedia Station V2 Supported: 1 | Multimedia Station V2 Web Enabled: 0 | Download Station Enabled: 0 | Network Video Recorder Enabled: 0 | Web File Manager Enabled: 1 | QWeb Server Enabled: 1 | QWeb Server Port: 80 | Qweb Server SSL Enabled: 0 |_ Qweb Server SSL Port: 8081 Feedback and suggestions are welcomed.Hi Brendan, Nice one! I have some observations: - the tostring() method is being used with variables that are already known to be strings; - you have a space in the begining of line 54 and 57 (I'm just picky with identation :P ); - also in line 57, the http.status is an integer, so you can just use "http.status == 200" instead of tostring(data.status):match("200"); Wondering if it would be good to put the "property" strings ("internalModelName", "version", etc.) to a separate file. It would be easier for a user to add new properties in case QNAP adds them (it could also allow the user to supply it's own properties). What do you think? Once again, nice work, regards, Duarte Silva _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Hi Brendan, I agree with Duarte, great script! I just tried it against a device and it looks good. If you make the first 3 changes Duarte proposes I can commit it. In regards to the property strings, I think we should keep them in the script for now. The property table is similar to what I've done in the memcached-info and membase-http-info and it makes it easy enough to add more entries while avoiding the additional code handling an external file. Cheers, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New script: http-qnap-nas-info.nse Brendan Coles (Jan 29)
- Re: [NSE] New script: http-qnap-nas-info.nse Duarte Silva (Jan 29)
- Re: [NSE] New script: http-qnap-nas-info.nse Patrik Karlsson (Jan 29)
- Re: [NSE] New script: http-qnap-nas-info.nse David Fifield (Jan 30)
- Re: [NSE] New script: http-qnap-nas-info.nse Brendan Coles (Jan 31)
- Re: [NSE] New script: http-qnap-nas-info.nse Patrik Karlsson (Jan 31)
- Re: [NSE] New script: http-qnap-nas-info.nse Patrik Karlsson (Jan 29)
- Re: [NSE] New script: http-qnap-nas-info.nse Duarte Silva (Jan 29)