Re: [RFC] Default NSE Scripts

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> On Fri, May 16, 2008 at 05:00:53PM -0500, Kris Katterjohn wrote:
> > I've removed the "Recursion not enabled" line from the script, and have
> > also removed it from Default list.  Sorry that one took so long :)
>
> I think it may be worth keeping in the default list now that you've
> removed the "not enabled" response.  Also, I just changed the DNS
> query target in that script from isc.sans.org to www.wikipedia.org
> since the latter is a bit less distinctive.

OK, I've added back to my list.  Thinking about it again, since the
version detection can potentially "waste" time on open|filtered ports,
the default script scan could understandably behave the same way since
they're both really in-depth.

> > * ircServerInfo - I don't think this is default material (but I'm also
> >   not an IRC user)
>
> Well, it only runs if an IRC port is open and it then does discovery
> for server information.  I'd suggest including it unless people think
> the output is too verbose or not useful enough.

Running against irc.efnet.org gives me:

6666/tcp open  irc     syn-ack
|  IRC Server Info: Server: irc.blessed.net
|  Version: ircd-ratbox-3.0.0beta3(20080423_3-25265). irc.blessed.net
|  Servers/Ops/Chans/Users: 61/406/27994/59199
|  Lservers/Lusers: 1/1360
|  Uptime: 13 days, 6:41:47
|  Source host: adsl-074-182-015-130.sip.jan.bellsouth.net
|_ Source ident: NONE or BLOCKED

Which is quite verbose.  It too could be fixed up with nmap.verbosity(),
but I don't want to mess with it because I don't know what would be
interesting enough for IRC users :)

> > * zoneTrans - Just doesn't seem like default material IMO
>
> I like this one too.  Many name servers still allow zone transfers to
> anyone.  I succeeded in this just a few weeks ago.  The domain had 3
> name servers and the first two failed to allow the transfer.  But the
> third was a charm!

Sounds good to me.

> Cheers,
> -F

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSC4c1f9K37xXYl36AQKXZRAAj4YqYkoPb8CcKeKkgAao7qz+Tzu4b8nu
yD7ec5eN0CkVpe+DHrOpyJwQSO9DFY/oTcxlUYTqEJth7eKASb/rHlZknowcxVM+
WOb/yRQlbHafbldpfVdqxF9hGPynNON6TNK7rBK1TJq4jHvReDBjqAtLdmh/jiBI
K1bwXhHIKBxmuqi7gzx/gxIoCxvAkzMu2qi1ayT8nQGb5odXEXKx0wbfHa1r0Scs
d9nkPjulZUkxX8Dx14LM05wJR0x4Yv1hqUJNVOCuUaxhzhffXPNAD0pqXvfIC2ec
/vus9kkqRPnBIyoIQB/RfaGa30yHwZvbChZMQhmrtAKlAb5bob2jgQJabwpyTvEu
unuwK9Q7/xUH4JbSLYeEbiqozbCTLn2iYp7pV38WmOt2dPv6LgIOayMEMOniOj55
++6AsTVGM0sm3UCOmFTkj0+2escs+EkIkKF1N1D1QvyoNKG+9QJgE8B8HJLwLyrG
TRm3YwiM15+gaEmaIBy0gIuwntnvMbHIDoR9hU0tLBbEUdzdULLrDIqwvJHVArn1
Uh3ET5fVMSn0L2Wr1jOPzV2GfOhQfQwiPuS683nMo3nQuIvX7/qr4omYWbK1rWaV
ga1s5cDK+M6h+pdseWQud9g+HGANqLVhjVIIXKUfifA1ED4Q8dkrT6A8Bx83gzT/
+1o62aiADOk=
=WcSk
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org