Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GSoC 2012 Project - Vulnerability and exploitation specialist

From: David Fifield <david () bamsoftware com>
Date: Thu, 29 Mar 2012 09:25:40 -0700
On Thu, Mar 29, 2012 at 06:18:04PM +0200, Aleksandar Nikolic wrote:

I've been meaning to ask about that.
I am not sure if that check (check if that is really RDP we are talking to)
is really necessary?

From the testing for vulnerability point of view, it's not.

Doesn't nmap already fingerprints the port?
And apparently some versions of RDP return different results there.
I'll try to drop that check and test the script and will send you a patch
if it works.


I wasn't necessarily saying to drop the check, because you might still
need that for normal error checking, just that maybe you shouldn't call
Report:make_output in that case.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: