Nmap Development mailing list archives
Re: nmap crash
From: Henri Doreau <henri.doreau () gmail com>
Date: Sat, 21 Feb 2015 22:23:53 +0100
2015-02-20 17:45 GMT+01:00 Daniel Miller <bonsaiviking () gmail com>:
Mike, I just reproduced the problem: it was caused by pressing Ctrl+C while a script is sleeping. I reproduced it with a super-simple prerule script which just sleeps for 10 seconds. Now we just need to come up with a proper fix. I do want to caution you that 'http*' includes a few scripts that you probably don't want to run for just information gathering: dos (denial of service) category: http-slowloris. This is probably the script that crashed, since it calls sleep a lot. This will run for 30 minutes by default, and will conflict with other scripts since it tries to prevent the target from responding to anyone (even NSE!). brute category: http-brute, http-form-brute, http-iis-short-name-brute, http-joomla-brute, http-proxy-brute, and http-wordpress-brute. If there are any authorization forms or 401 codes, some these scripts will try to brute-force logins. http-iis-short-name-brute will try to brute-force names of files on the target, too. external category: http-google-malware, http-icloud-findmyiphone, http-icloud-sendmsg, http-open-proxy, http-proxy-brute, http-robtex-reverse-ip, http-robtex-shared-ns, http-virustotal, and http-xssed. These will all request information about your target from external sources, or attempt to contact external servers through your target. Dan
Hi, This was on windows, right? Dan, could you reproduce on Linux as well? If so can you share the details because simply interrupting a sleeping script does not crash here. Also, canceling NSE timers seems to work properly (sleeping script + short --host-timeout value). Henri _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap crash Mike . (Feb 08)
- Re: nmap crash Daniel Miller (Feb 19)
- Message not available
- Re: nmap crash Daniel Miller (Feb 20)
- Re: nmap crash Henri Doreau (Feb 21)
- Message not available
- Re: nmap crash Daniel Miller (Feb 19)