Nmap Development mailing list archives
Re: Gyani's Status Report - #9 of 17
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 29 Jun 2015 10:24:39 -0500
List,

To make up for some of Gyani's brevity on account of his connectivity issues, I'd like to expand on a couple of these exciting items:

On Mon, Jun 29, 2015 at 9:59 AM, Gyanendra Mishra <anomaly.the () gmail com> wrote:

> * Solved #115 - The script doesn't calculate scores and warnings wherever ssl is required, also you won't see the error logs if you run with -d and don't have ssl.
The ssl-enum-ciphers script has become one of the de-facto standard ways of testing an SSL/TLS deployment, ranking near the top with sslscan and Qualys SSL Labs. This update allows the script to be mostly useful for users who choose to compile without OpenSSL support. Scores are not listed for most ciphersuites whose strength is based on the server certificate, but the ciphersuites are still enumerated, DH parameters checked, and some warnings issued for misconfigurations.
> * Wrote a first draft for auto auth; requires user-supplied args http.username and http.password, allows NTLM, Digest and Basic. I would suggest that you guys don't change your http.lua :P as this one is probably very buggy. Couldn't test much because of no connectivity.[1] I didn't write over my http.lua as it had working and tested support for NTLM and didn't want this version to mess it up. I guess I should make another folder in nmap-exp/gyani called "probably buggy" :P.
I am really excited for this. The http.lua library is used in 130 NSE scripts, and auto-auth would enable many of those scripts to extend to reach deeper into authentication-protected services. Some potential use-cases:

* Run http-brute to break into a service and then use the discovered credentials to run http-grep looking for sensitive information inside.
* Provide Windows domain credentials via --script-args-file and then use http-title to get the title of all NTLM-auth-protected web services on an internal network (NTLM auth was added by Gyani last week, and will be committed soon, pending a little further testing and review).

> * Added parsing for the SMB response for Linux versions, my system is Ubuntu 14.04 and it returns Unix (Samba 4.1.6-Ubuntu). Some more version strings provided by you guys would be awesome to test.[2]
The osinfo.lua library will provide automatic OS name and version canonicalization based on version strings and build numbers that are found in various service banners. We do a lot of this in nmap-service-probes, but this should help scripts to report discovered OSes in a standardized way.

Dan

Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
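An added sketch of the canonicalization step Dan describes, written for this archive page and not taken from Gyani's osinfo.lua or anything in nmap-exp: a Lua function that maps a raw SMB "native OS" banner such as the one quoted above to a normalized OS record. The lookup tables and function names are assumptions; only the Samba row comes from the thread.

```lua
-- Added example, not Gyani's osinfo.lua: turn a raw SMB "native OS" banner
-- into a canonical {name, version, build} record. All names here are invented.

-- Samba version strings that pin down a distribution release. The only row
-- comes from the thread (Ubuntu 14.04 answers "Unix (Samba 4.1.6-Ubuntu)");
-- further rows would be filled from banners collected in the field.
local samba_builds = {
  ["4.1.6-Ubuntu"] = { name = "Ubuntu Linux", version = "14.04" },
}

-- NT kernel versions as reported by older Windows hosts ("Windows 5.1").
local nt_versions = {
  ["5.0"] = "2000", ["5.1"] = "XP", ["5.2"] = "Server 2003",
  ["6.0"] = "Vista / Server 2008", ["6.1"] = "7 / Server 2008 R2",
}

-- Returns { name=, version=, build= } or nil when the banner is unrecognized.
local function canonicalize(banner)
  -- Samba advertises itself as "Unix (Samba <version>)".
  local samba = banner:match("^Unix %(Samba ([%w%.%-]+)%)$")
  if samba then
    local d = samba_builds[samba]
    if d then
      return { name = d.name, version = d.version, build = "Samba " .. samba }
    end
    -- Unknown Samba build: report what we know without guessing a distro.
    return { name = "Unix", version = nil, build = "Samba " .. samba }
  end

  -- Old-style Windows banner carrying only the NT version, e.g. "Windows 5.1".
  local nt = banner:match("^Windows (%d+%.%d+)$")
  if nt and nt_versions[nt] then
    return { name = "Windows", version = nt_versions[nt], build = nt }
  end

  -- Newer Windows: "Windows Server 2008 R2 Standard 7601 Service Pack 1".
  -- Greedy (.*) makes the 4+ digit group bind to the build, not the year.
  local edition, build = banner:match("^Windows (.*) (%d%d%d%d+)")
  if edition then
    return { name = "Windows", version = edition, build = build }
  end
  return nil
end
-- Self-check against the banner quoted in the thread and two constructed ones.
local r = canonicalize("Unix (Samba 4.1.6-Ubuntu)")
assert(r.name == "Ubuntu Linux" and r.version == "14.04")
assert(canonicalize("Windows 5.1").version == "XP")
assert(canonicalize("Windows Server 2008 R2 Standard 7601 Service Pack 1").build == "7601")

return { canonicalize = canonicalize }
```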