Nmap Development mailing list archives
Re: [NSE script] vhosts on the same ip : copyright issues
From: eldraco <eldraco () gmail com>
Date: Mon, 25 Aug 2008 22:30:05 -0300
hi all, I think this is really useful, but i think there also may be a problem here. The site search.live.com is covered by the ugly "Microsoft Service Agreement" you can find here: http://help.live.com/help.aspx?project=tou&market=en-us It says things like this: -------------------------- 4. How You May Not Use the Service. In using the service, you may not: * engage in, facilitate or further unlawful conduct; * use any automated process or service to access and/or use the service (such as a BOT, a spider, periodic caching of information stored by Microsoft, or "meta-searching"); --------------------------- This could arrise really bad effects in nmap, especially if this script came by default. for example we can think of: 1- nmap can be potentially banned as an automated software in this search engines 2- our ips can be banned perhaps 3- more important: there are linux distributions out there like Debian that can not include software that have problems with a copyright issue. This is true also with google and the like. Can we find a way to do this and not to break any copyright? cheers eldraco El Monday 25 August 2008 11:35:07 jah escribió:
On 25/08/2008 12:31, Sven Klemm wrote:Hi, I've written a NSE script that queries search.live.com for host names using the same IP. The script requires the changes in my nse_sedusa branch (svn://svn.insecure.org/nmap-exp/sven/nse_sedusa). I don't like the fact that it uses an external search engine to get this information but I think the usefulness of the information outweighs this. I am open to hearing about better ideas to implement this or for further sources to get lists of vhosts from.Hi Sven, I've written a script to do the same thing - not yet fully tested. I agree that it is a useful addition and that this fact outweighs the use of an external search engine. My worry is that Microsoft will change the output or remove the IP search or otherwise make it difficult to maintain such a script. For this reason, I've been sitting on the script and occasionally checking that it still works as expected. So far, my concerns haven't been borne out, but that may change if such a script were to be widely used. I guess there's only one way to find out... I have tried to make the script look less like an automated tool with the use of HTTP headers. I've also included a HTTP cookie which controls how many results are returned per request and then use nmap.verbosity to decide the number of domains printed (up to 30). The script also displays the total number of search results that live.com reported which I think is useful to know (many domains = hosting provider or similar) and how many duplicate entries have been suppressed in the final output (which needs some work). Examples: Host script results: | ipsearch: Showing 10 of 10 results. 4 duplicates not shown. | insecure.org | cgi.insecure.org | insecure.com | www.insecure.com | images.insecure.org |_ download.insecure.org Host script results: | ipsearch: Showing 10 of 158,000 results. | www.navynews.co.uk | www.avoncroft.org.uk | www.smokedproduce.co.uk | www.kashmir.co.uk | www.clitheroefc.co.uk | www.lbc.org.uk | www.falkirkfolkclub.co.uk | www.goodquarry.com | www.kokodigital.co.uk |_ www.barnsleyrufc.co.uk I much prefer the comma delimited output you've opted for. So I thought perhaps you might like to incorporate some of this into your script and I attach my version for this purpose. Of course, if you'd like me to send a patch I'd be happy to. Regards, jah
-- Ing. Sebastián García http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE script] vhosts on the same ip Sven Klemm (Aug 25)
- Re: [NSE script] vhosts on the same ip sara fink (Aug 25)
- Re: [NSE script] vhosts on the same ip Sven Klemm (Aug 25)
- Re: [NSE script] vhosts on the same ip jah (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues eldraco (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues Arturo 'Buanzo' Busleiman (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues jah (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues eldraco (Aug 25)
- Re: [NSE script] vhosts on the same ip Fyodor (Sep 02)
- Re: [NSE script] vhosts on the same ip David Fifield (Sep 05)
- Re: [NSE script] vhosts on the same ip Kris Katterjohn (Sep 05)
- Re: [NSE script] vhosts on the same ip jah (Sep 05)
- Re: [NSE script] vhosts on the same ip Arturo 'Buanzo' Busleiman (Sep 05)
- Re: [NSE script] vhosts on the same ip David Fifield (Sep 05)
- Re: [NSE script] vhosts on the same ip Fyodor (Sep 05)
- "external" script category David Fifield (Sep 09)
- Re: [NSE script] vhosts on the same ip sara fink (Aug 25)