Nmap Development mailing list archives
Re: Nmap 4.21ALPHA1 -- Nmap Scripting Engine integrated
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 11 Dec 2006 02:51:55 +0000
On Sun, 10 Dec 2006 18:31:30 -0800 Fyodor <fyodor () insecure org> wrote: ...snip...
While it seems to generally be working well, don't consider the current behavior a "done deal" where we're only looking to fix bugs. We're hoping to get your input on things like what categories we should use, what sort of standard NSE library functions are needed, what API changes would make script writing easier or more powerful, etc.
Being a script writer primarily interested in security auditing, the biggest hole in NSE libraries for me is with MS RPC calls. A few months ago when MS06-040 was a big deal you requested that someone write an NSE script to check for the patch. I looked into doing so, as I'm sure others did too. I decided it was too difficult/would not be flexible enough to write a check in pure Lua. Most other frameworks like Metasploit or Nessus were able to quickly release exploits/checks because they've already laid the RPC groundwork.

Here is a snip from the MS06-040 Metasploit exploit by H D Moore:

    my $handle = Pex::DCERPC::build_handle(
        $uuid, $version, 'ncacn_np', $target_host, $pipe
    );
    my $dce = Pex::DCERPC->new(
        'handle'      => $handle,
        'username'    => $self->GetVar('SMBUSER'),
        'password'    => $self->GetVar('SMBPASS'),
        'domain'      => $self->GetVar('SMBDOM'),
        'fragsize'    => $self->GetVar('FragSize'),
        'bindevasion' => $self->GetVar('BindEvasion'),
        'directsmb'   => $self->GetVar('DirectSMB'),
    );

If NSE had something like Metasploit's DCERPC or Nessus's generic RPC packet creation functions it would gain so much more flexibility and power. Also, checks from other frameworks could (in most cases) be ported to NSE. Making an RPC library for NSE would be a big undertaking but would benefit the community greatly in the long run.

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
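As an added illustration of the "generic RPC packet creation" the post above asks for (example code written for this archive page, not code from Nmap, NSE, Metasploit or Nessus): a small Python encoder for the DCE/RPC connection-oriented bind PDU, the first message any RPC library has to put on the wire before it can call an interface, plus a header decoder for sanity-checking the reply. The interface UUID used below is a constructed placeholder; the field layout follows the DCE 1.1 RPC specification.

```python
import struct
import uuid

# DCE/RPC connection-oriented (CO) PDU constants from the DCE 1.1 RPC spec.
RPC_VERSION = 5
PTYPE_BIND = 11
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02
# Packed data representation: little-endian integers, ASCII chars, IEEE floats.
DATA_REP = b"\x10\x00\x00\x00"
# NDR transfer syntax, version 2.0: the syntax every CO bind has to offer.
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
NDR_VERSION = 2
# Constructed placeholder interface UUID; a real script would use the
# UUID of the interface it wants to bind to.
EXAMPLE_IFACE = "12345678-1234-abcd-ef00-0123456789ab"


def pack_syntax_id(u: uuid.UUID, major: int, minor: int) -> bytes:
    """Encode a p_syntax_id_t: UUID in mixed-endian wire order + version."""
    return u.bytes_le + struct.pack("<HH", major, minor)


def build_bind(abstract_uuid: str, major: int, minor: int = 0,
               call_id: int = 1, max_frag: int = 4280) -> bytes:
    """Return a complete bind PDU offering one presentation context."""
    body = struct.pack("<HHI", max_frag, max_frag, 0)  # max_xmit, max_recv, assoc_group
    body += struct.pack("<B3x", 1)                      # one context element + pad
    body += struct.pack("<HBx", 0, 1)                   # context_id 0, one transfer syntax
    body += pack_syntax_id(uuid.UUID(abstract_uuid), major, minor)
    body += pack_syntax_id(NDR_SYNTAX, NDR_VERSION, 0)
    frag_length = 16 + len(body)                        # 16-byte common header
    header = struct.pack("<BBBB4sHHI", RPC_VERSION, 0, PTYPE_BIND,
                         PFC_FIRST_FRAG | PFC_LAST_FRAG, DATA_REP,
                         frag_length, 0, call_id)
    return header + body


def parse_header(pdu: bytes) -> dict:
    """Decode the 16-byte common header (used on bind_ack/bind_nak replies)."""
    if len(pdu) < 16:
        raise ValueError("PDU shorter than the common header")
    ver, minor, ptype, flags, drep, frag_len, auth_len, call_id = \
        struct.unpack("<BBBB4sHHI", pdu[:16])
    if ver != RPC_VERSION:
        raise ValueError("unexpected RPC major version %d" % ver)
    return {"version": ver, "minor": minor, "ptype": ptype, "flags": flags,
            "data_rep": drep, "frag_length": frag_len,
            "auth_length": auth_len, "call_id": call_id}


if __name__ == "__main__":
    print(build_bind(EXAMPLE_IFACE, 1).hex())
```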