Nmap Development mailing list archives

Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 11 Dec 2006 02:51:55 +0000

On Sun, 10 Dec 2006 18:31:30 -0800
Fyodor <fyodor () insecure org> wrote:
...snip...
> While it seems to generally be working well, don't consider the
> current behavior a "done deal" where we're only looking to fix bugs.
> We're hoping to get your input on things like what categories we
> should use, what sort of standard NSE library functions are needed,
> what API changes would make script writing easier or more powerful,
> etc.

Being a script writer primarily interested in security auditing, the biggest
hole in NSE libraries for me is with MS RPC calls.  A few months ago when
MS06-040 was a big deal you requested that someone write an NSE script to
check for the patch.  I looked into doing so, as I'm sure others did too.
I decided it was too difficult/would not be flexible enough to write a
check in pure Lua.  Most other frameworks like Metasploit or Nessus were
able to quickly release exploits/checks because they've already laid the
RPC groundwork.

Here is a snip from the MS06-040 Metasploit exploit by H D Moore:

my $handle = Pex::DCERPC::build_handle( $uuid, $version, 'ncacn_np',
$target_host, $pipe );

my $dce = Pex::DCERPC->new(
     'handle'      => $handle,
     'username'    => $self->GetVar('SMBUSER'),
     'password'    => $self->GetVar('SMBPASS'),
     'domain'      => $self->GetVar('SMBDOM'),
     'fragsize'    => $self->GetVar('FragSize'),
     'bindevasion' => $self->GetVar('BindEvasion'),
     'directsmb'   => $self->GetVar('DirectSMB'),
);

If NSE had something like Metasploit's DCERPC or Nessus's generic RPC
packet creation functions it would gain so much more flexibility and
power.  Also, checks from other frameworks could (in most cases) be ported
to NSE.  Making an RPC library for NSE would be a big undertaking but would
benefit the community greatly in the long run.

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org