Nmap Development mailing list archives
Re: "version" scripts running after successful version detection
From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 16 Jul 2012 22:20:02 -0500
-------- Original Message -------- Subject: Re: "version" scripts running after successful version detection Date: Mon, 16 Jul 2012 20:15:54 -0500 From: Paulino Calderon <paulino () calderonpale com>To: David Fifield <david () bamsoftware com>, Nmap Dev <nmap-dev () insecure org>
On 16/07/2012 07:58 p.m., David Fifield wrote:
I notice that the script http-huawei-hg5xx-vuln is running for every -sV scan that finds an HTTP port. It's adding things to HTTP logs that look like this: 127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /nmaplowercheck1342486338 HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine;http://nmap.org/book/nse.html)" 127.0.0.1 - - [16/Jul/2012:17:52:18 -0700] "GET /Listadeparametros.html HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine;http://nmap.org/book/nse.html)" The script is running because it belongs to the "version" category. This is happening even when normal version scan finds a match. I had thought that NSE would not run "version" scripts for services that already have a match, but that appears not to be the case. The sample script at http://nmap.org/book/nse-vscan.html#nse-skypev2-script does this check in the portrule; are all scripts supposed to check in this way? In any event, it seems we shouldn't be running this script as often as it is being run. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived athttp://seclists.org/nmap-dev/
What fix do you guys suggest? I added it to the "version" category because it provided additional firmware and software version information. A possible solution is to remove it from that category until we find a better approach for version scripts of "known" services. Cheers! -- Paulino Calderón Pale Website:http://calderonpale.com Twitter:http://twitter.com/calderpwn _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- "version" scripts running after successful version detection David Fifield (Jul 16)
- Re: "version" scripts running after successful version detection Toni Ruottu (Jul 16)
- <Possible follow-ups>
- Re: "version" scripts running after successful version detection Paulino Calderon (Jul 16)
- Re: "version" scripts running after successful version detection Daniel Miller (Jul 16)
- Re: "version" scripts running after successful version detection David Fifield (Jul 17)
- Re: "version" scripts running after successful version detection Daniel Miller (Jul 16)
- Re: "version" scripts running after successful version detection Paulino Calderon (Jul 16)