Re: "version" scripts running after successful version detection

[David Fifield <david () bamsoftware com>]

On Mon, Jul 16, 2012 at 10:37:22PM -0500, Daniel Miller wrote:
> On Mon, Jul 16, 2012 at 10:20 PM, Paulino Calderon
> <paulino () calderonpale com> wrote:
> > What fix do you guys suggest? I added it to the "version" category
> > because it provided additional firmware and software version
> > information. A possible solution is to remove it from that category
> > until we find a better approach for version scripts of "known" services.
>
> Is there a version or set of versions for the web server itself?
> Without this script, what does service version detection show? We
> could modify the portrule to first check if version information
> exists. If not, then behavior is the same as shortport.http. If so,
> then only run if the version info matches one of the expected values.

This sounds pretty reasonable to me. The only wrinkle is that
http-huawei is not *only* a "version" script. People may want to run it
independently of whether version detection is also done. Although now
that I think about it, if version detection doesn't find something
expected, there's not much point in running the script for any other
purpose--the only worry is the version signature being changed without
the script knowing about it.

Is there a way for a script to know when it is running as part of the
service detection phase and not the ordinary script scan phase? It could
then disable itself (or NSE could disable it) only in that case.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/