Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NSE Professional Feed

From: Burak Cifter <hybridus.ml () gmail com>
Date: Sat, 20 Aug 2016 13:23:00 +0300
Good idea. But before having a professional feed, a reliable an simple
update system. After this "Nmap Update System", there could be an "Insecure
professional feed" and also other security researchers may provide (or
sell) their professional feed subscription.

On Fri, Aug 19, 2016 at 7:51 PM, Andrew Fastow <aur0spy () gmail com> wrote:


Dan,

I think he meant it more from a commercial angle to nse script repository
which can be subscribed to and obtain more info.

Correct me if I am wrong.

Regards,
Andy

Sent from my iPhone

On Aug 19, 2016, at 12:44, Daniel Miller <bonsaiviking () gmail com> wrote:

Hi,

I'm not exactly sure what you're proposing, but here are a few things
we've tried along the lines of a NSE script feed:

First, we used to have a "New VA Modules" email that went out daily and
included any new NSE scripts committed since the previous day, as well as
aggregating from the Nessus feed and Metasploit modules. We turned it off
in January 2015 since it was broken and nobody noticed.

Second, we developed a "Nmap update" program that is intended to provide a
way to get new NSE scripts, OS and service fingerprints, and other data
files. The biggest problem this system solved was incompatibilities between
Nmap versions with regard to what scripts they were able to run: we often
make changes that break binary compatibility, such as adding new library
bindings or upgrading Lua language versions. While this was solved from a
technical standpoint by having "release channels," it increased the level
of work required to maintain separate versions of scripts for each channel.
The system has never been released beyond developer's alpha.

What kind of system were you suggesting?

Dan

On Wed, Aug 10, 2016 at 5:15 AM, <nse () sigaint org> wrote:


Apologies for the slightly off-topic query, but I'm curious if there is
any interest here for a "professional feed" repository of NSE scripts.
This would be something similar to Nessus's feed but obviously much easier
to embed within other scripts and tools. I imagine this could be really
useful for pen testers and sysadmins who want to automate vulnerability
scanning, but would like some feedback on the idea before investing more
resources on further development. Besides for the amount of work involved
in maintaining such a repo, is there a reason this hasn't been done yet?



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: