Nmap Development mailing list archives
Re: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 20 May 2014 13:59:46 -0500
Justin, Thanks for these scripts! I'm looking them over now, and I hope to commit them soon, or at least comment if anything seems amiss. Sorry about leaving you hanging so long, we really appreciate your contributions. Dan On Tue, May 13, 2014 at 12:42 PM, NMap User1 <nmapuser1 () gmail com> wrote:
Hi Dan, Just wanted to follow up on the status of incorporating these scripts into Nmap. I think keeping the scripts separate would be the easiest for users, as well as developers submitting additional scripts that enumerate such information via the NTLM authentication protocol. I've re-attached the scripts to this e-mail, some of which contain minor updates: * MS-SQL * SMTP * IMAP * POP3 * Telnet * NNTP Just let me know if there are any questions or how I can help. Thanks, Justin ---------------------------------------------------------------------------- Hi Dan, I originally contemplated creating one large script to handle all the various protocols. However, the name of the script wouldn't align with the traditional naming scheme ([protocol]-[name]). Thus, it may confuse users especially when searching for protocol specific scripts, or, trying to enable all scripts for a defined protocol (e.g --script http-*,telnet-*,etc.). I'm more than happy to combine all protocols into one monolithic script if needed. I just need some guidance from the Nmap team what the preferred method would be. Thoughts? Regards, Justin ---------------------------------------------------------------------------- From: Daniel Miller [mailto:bonsaiviking () gmail com] Sent: Wednesday, April 23, 2014 1:50 PM To: NMap User1; dev () nmap org Subject: Re: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) Justin, These look really neat, and I'm sure we can integrate them somehow. Do you think that it would be possible to combine them into one script that just handles the pre-NTLM protocol handshaking depending on the service, then does the NTLM information gathering on its own? Take a look at how sslcert library (http://nmap.org/nsedoc/lib/sslcert.html) does things with the SPECIALIZED_PREPARE_TLS and StartTLS tables, for instance. Just a thought for now, since I haven't had time to take a closer look yet. Dan
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) NMap User1 (Apr 23)
- Re: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) Daniel Miller (Apr 23)
- RE: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) NMap User1 (Apr 25)
- RE: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) NMap User1 (May 13)
- Re: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) Daniel Miller (May 20)
- Re: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) Daniel Miller (May 20)
- Re: [NSE] Script Submission: NTLM Information Disclosure (MS-SQL, SMTP, IMAP, POP3, Telnet, NNTP) Daniel Miller (Apr 23)