Nmap Development mailing list archives

Re: LUA Script Ideas


From: "Eddie Bell" <ejlbell () gmail com>
Date: Mon, 31 Jul 2006 12:52:20 +0200

This feature is very cool. I've attached a little script that no
vulnerability scanner should be without, an anonymous ftp check :)
I can't wait to try and code a proper vulnerability test.

I haven't checked the code yet but it would be very useful if NSE had
access to os detection and service scan results because vulnerability
checks would be very accurate. Especially memory corruption based
tests.

And how are the scripts going to be distributed? All with the nmap
archive? An online repository? A nessus-style separate archive?
etc.

-ejlb

On 31/07/06, Fyodor <fyodor () insecure org> wrote:
If you have tried Diman's new Nmap Scripting Engine (LUA) enhancement,
you've seen that it ships with a dozen simple scripts:

lua_scripts/harmless:
-rw------- 1 fyodor fyodor  473 Jul 22 05:54 chargenTest.lua
-rw------- 1 fyodor fyodor  476 Jul 22 05:54 daytimeTest.lua
-rw------- 1 fyodor fyodor  515 Jul 22 05:54 echoTest.lua
-rw------- 1 fyodor fyodor  625 Jul 22 05:54 ripeQuery.lua
-rw------- 1 fyodor fyodor 1064 Jul 30 22:03 showHTMLTitle.lua
-rw------- 1 fyodor fyodor  918 Jul 30 04:42 showOwner.lua
-rw------- 1 fyodor fyodor  554 Jul 30 05:16 showSMTPVersion.lua
-rw------- 1 fyodor fyodor  579 Jul 22 05:54 showSSHVersion.lua
lua_scripts/intrusive:
-rw------- 1 fyodor fyodor 1228 Jul 22 05:54 xamppDefaultPass.lua
lua_scripts/malware:
total 16
-rw------- 1 fyodor fyodor 604 Jul 22 05:54 ircZombieTest.lua
-rw------- 1 fyodor fyodor 913 Jul 22 05:54 kibuvDetection.lua
-rw------- 1 fyodor fyodor 534 Jul 22 05:54 mswindowsShell.lua
-rw------- 1 fyodor fyodor 468 Jul 22 05:54 strangeSMTPport.lua

Some of these are just for demonstration purposes while others may be
worth keeping in the default Nmap distribution.  Does anyone have any
other ideas of useful scripts you would like to see in Nmap by
default?  I'm thinking of network discovery scripts in particular,
though vulnerability testing scripts are welcome too.  Scripts can be
specific to a service, or to the target host in general.

If you have ideas, please post them.  And extra credit if you try your
hand at writing and testing the script and then mail it to us for
incorporation.  You can learn more about using the system by reading
the included docs/nmap-lua.1 and looking at the test scripts.  You can
also read the first edition of the definitive LUA book at
http://www.lua.org/pil/ .  The 2nd edition (which I've been reading
this evening) can be had in print for $25 at Amazon.  It's an
interesting language!

Cheers,
-F



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

