Nmap Development mailing list archives
Re: NSE Professional Feed
From: Burak Cifter <hybridus.ml () gmail com>
Date: Sat, 20 Aug 2016 13:23:00 +0300
Good idea. But before having a professional feed, a reliable an simple update system. After this "Nmap Update System", there could be an "Insecure professional feed" and also other security researchers may provide (or sell) their professional feed subscription. On Fri, Aug 19, 2016 at 7:51 PM, Andrew Fastow <aur0spy () gmail com> wrote:
Dan, I think he meant it more from a commercial angle to nse script repository which can be subscribed to and obtain more info. Correct me if I am wrong. Regards, Andy Sent from my iPhone On Aug 19, 2016, at 12:44, Daniel Miller <bonsaiviking () gmail com> wrote: Hi, I'm not exactly sure what you're proposing, but here are a few things we've tried along the lines of a NSE script feed: First, we used to have a "New VA Modules" email that went out daily and included any new NSE scripts committed since the previous day, as well as aggregating from the Nessus feed and Metasploit modules. We turned it off in January 2015 since it was broken and nobody noticed. Second, we developed a "Nmap update" program that is intended to provide a way to get new NSE scripts, OS and service fingerprints, and other data files. The biggest problem this system solved was incompatibilities between Nmap versions with regard to what scripts they were able to run: we often make changes that break binary compatibility, such as adding new library bindings or upgrading Lua language versions. While this was solved from a technical standpoint by having "release channels," it increased the level of work required to maintain separate versions of scripts for each channel. The system has never been released beyond developer's alpha. What kind of system were you suggesting? Dan On Wed, Aug 10, 2016 at 5:15 AM, <nse () sigaint org> wrote:Apologies for the slightly off-topic query, but I'm curious if there is any interest here for a "professional feed" repository of NSE scripts. This would be something similar to Nessus's feed but obviously much easier to embed within other scripts and tools. I imagine this could be really useful for pen testers and sysadmins who want to automate vulnerability scanning, but would like some feedback on the idea before investing more resources on further development. Besides for the amount of work involved in maintaining such a repo, is there a reason this hasn't been done yet? _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE Professional Feed nse (Aug 10)
- Re: NSE Professional Feed Daniel Miller (Aug 19)
- Re: NSE Professional Feed Andrew Fastow (Aug 19)
- Re: NSE Professional Feed Burak Cifter (Aug 20)
- Re: NSE Professional Feed Andrew Fastow (Aug 19)
- Re: NSE Professional Feed Daniel Miller (Aug 19)