Nmap Development mailing list archives
"version" scripts running after successful version detection
From: David Fifield <david () bamsoftware com>
Date: Mon, 16 Jul 2012 17:58:43 -0700
I notice that the script http-huawei-hg5xx-vuln is running for every -sV scan that finds an HTTP port. It's adding things to HTTP logs that look like this: 127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /nmaplowercheck1342486338 HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)" 127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /Listadeparametros.html HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)" The script is running because it belongs to the "version" category. This is happening even when normal version scan finds a match. I had thought that NSE would not run "version" scripts for services that already have a match, but that appears not to be the case. The sample script at http://nmap.org/book/nse-vscan.html#nse-skypev2-script does this check in the portrule; are all scripts supposed to check in this way? In any event, it seems we shouldn't be running this script as often as it is being run. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- "version" scripts running after successful version detection David Fifield (Jul 16)
- Re: "version" scripts running after successful version detection Toni Ruottu (Jul 16)
- <Possible follow-ups>
- Re: "version" scripts running after successful version detection Paulino Calderon (Jul 16)
- Re: "version" scripts running after successful version detection Daniel Miller (Jul 16)
- Re: "version" scripts running after successful version detection David Fifield (Jul 17)
- Re: "version" scripts running after successful version detection Daniel Miller (Jul 16)
- Re: "version" scripts running after successful version detection Paulino Calderon (Jul 16)