Nmap Development mailing list archives
Re: Using Samba code?
From: Fyodor <fyodor () insecure org>
Date: Sat, 27 Sep 2008 22:19:35 -0700
On Sat, Sep 27, 2008 at 11:28:44PM -0500, Ron wrote:
Fyodor wrote: Maybe this is a separate topic altogether, but have the NSE developers looked at a way to distribute scripts yet, besides including them in an install? Like, having one or more repositories for scripts that can easily be downloaded/updated without updating Nmap itself.
I think 'svn up' is very easy and effective. That's what I do every morning. It gets you all the new scripts, and you don't even need to rebuild Nmap unless there was an important code change (I almost always do just to be on the safe side since it only takes a couple minutes). Of course this doesn't help so much for (hypothetical) 3rd party script repositories. An NSE script could be written which contacts other repositories and downloads the latest scripts. There are also the nmap-exp branches, such as Sven's, where developers can host their latest scripts before they are merged.
The downside to that would be malicious repositories. How do you guarantee that your automatically downloaded updates from non-Nmap repositories are actually safe?
We have OpenSSL to help verify that the scripts were not compromised during download, but that doesn't stop a rogue repository operator from including a trojan script. Which would be dangerous, since NSE scripts are not sandboxed. So you certainly need to be very careful about what scripts you run. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Using Samba code? Ron (Sep 23)
- Re: Using Samba code? Fyodor (Sep 27)
- Re: Using Samba code? Ron (Sep 27)
- RE: Using Samba code? Aaron Leininger (Sep 27)
- Re: Using Samba code? Fyodor (Sep 27)
- RE: Using Samba code? Aaron Leininger (Sep 28)
- Re: Using Samba code? Ron (Sep 28)
- Re: Using Samba code? Ron (Sep 27)
- Re: Using Samba code? Fyodor (Sep 27)
- Re: Using Samba code? Fyodor (Sep 27)
- Re: Using Samba code? Ron (Sep 27)
- Re: Using Samba code? Arturo 'Buanzo' Busleiman (Sep 28)