Re: [NSE script] vhosts on the same ip : copyright issues

[eldraco <eldraco () gmail com>]

hi all, 

I think this is really useful, but i think there also may be a problem here.

The site search.live.com is covered by the ugly "Microsoft Service Agreement" 
you can find here:
http://help.live.com/help.aspx?project=tou&market=en-us

It says things like this:
--------------------------
4. How You May Not Use the Service.

In using the service, you may not:

    * engage in, facilitate or further unlawful conduct;
    * use any automated process or service to access and/or use the service 
(such as a BOT, a spider, periodic caching of information stored by 
Microsoft, or "meta-searching");
---------------------------

This could arrise really bad effects in nmap, especially if this script came 
by default.

for example we can think of:
1- nmap can be potentially banned as an automated software in this search 
engines
2- our ips can be banned perhaps
3- more important: there are linux distributions out there like Debian that 
can not include software that have problems with a copyright issue.

This is true also with google and the like.

Can we find a way to do this and not to break any copyright?

cheers

eldraco



El Monday 25 August 2008 11:35:07 jah escribió:
> On 25/08/2008 12:31, Sven Klemm wrote:
> > Hi,
> >
> > I've written a NSE script that queries search.live.com for host names
> > using the same IP. The script requires the changes in my nse_sedusa
> > branch (svn://svn.insecure.org/nmap-exp/sven/nse_sedusa).
> >
> > I don't like the fact that it uses an external search engine to get
> > this information but I think the usefulness of the information
> > outweighs this.
> > I am open to hearing about better ideas to implement this or for
> > further sources to get lists of vhosts from.
>
> Hi Sven,
>
> I've written a script to do the same thing - not yet fully tested.
> I agree that it is a useful addition and that this fact outweighs the
> use of an external search engine.  My worry is that Microsoft will
> change the output or remove the IP search or otherwise make it difficult
> to maintain such a script.  For this reason, I've been sitting on the
> script and occasionally checking that it still works as expected.  So
> far, my concerns haven't been borne out, but that may change if such a
> script were to be widely used.  I guess there's only one way to find out...
> I have tried to make the script look less like an automated tool with
> the use of HTTP headers.
>
> I've also included a HTTP cookie which controls how many results are
> returned per request and then use nmap.verbosity to decide the number of
> domains printed (up to 30).  The script also displays the total number
> of search results that live.com reported which I think is useful to know
> (many domains = hosting provider or similar) and how many duplicate
> entries have been suppressed in the final output (which needs some work).
>
> Examples:
>
> Host script results:
> |  ipsearch: Showing 10 of 10 results. 4 duplicates not shown.
> |  insecure.org
> |  cgi.insecure.org
> |  insecure.com
> |  www.insecure.com
> |  images.insecure.org
> |_ download.insecure.org
>
> Host script results:
> |  ipsearch: Showing 10 of 158,000 results.
> |  www.navynews.co.uk
> |  www.avoncroft.org.uk
> |  www.smokedproduce.co.uk
> |  www.kashmir.co.uk
> |  www.clitheroefc.co.uk
> |  www.lbc.org.uk
> |  www.falkirkfolkclub.co.uk
> |  www.goodquarry.com
> |  www.kokodigital.co.uk
> |_ www.barnsleyrufc.co.uk
>
> I much prefer the comma delimited output you've opted for.
>
> So I thought perhaps you might like to incorporate some of this into
> your script and I attach my version for this purpose.  Of course, if
> you'd like me to send a patch I'd be happy to.
>
> Regards,
>
> jah



-- 
Ing. Sebastián García
http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org