Nmap Development mailing list archives
Re: [NSE] MSRPC Libraries (stable, I hope!)
From: Ron <ron () skullsecurity net>
Date: Wed, 29 Oct 2008 11:29:13 -0500
Fyodor wrote:
There are two sides to this. Finding which patches have been applied is easy, I imagine, since they're stored all over the place. But finding which patches are missing is much more difficult, because it requires an update every time a patch is released (volunteers? :) ), and ideally it'd require a way to quickly update Nmap's scripts without updating the whole program.On Wed, Oct 29, 2008 at 08:55:09AM -0500, Ron wrote: Hi Ron. Installed patches certainly strikes me as something extremely valuable. If it is too much to print by default, it could be stored in the registry and then perhaps a different script could take that data and use it to present a list of missing security patches.
I agree, scripts should run the gamut, why not? But personally, I like to write stuff that I find useful, and I'm a security guy. :)Well, the patch list is clearly useful for security. Also, a key goal of NSE was to be useful for more general network administration (or at least discovery/inventory) work. We may call this project the Nmap Security Scanner, but it is clearly used by a much broad base than that. This is why the first two sentences on nmap.org say: "Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime."
Of course, the registry-reading functions I wrote are easy to use (they're identical to the Windows ones -- OpenHKLM(), OpenKey(), QueryValue(), etc), so once this is working nicely I'm hoping others will contribute.
Of course for individual scripts, more focus can be beneficial. Multiple targetted scriptsi is probably better than one giant one which tries to make everyone happy. One of the great things about the MSRPC libraries is that they are useful for a wide variety of tasks. I'm really excited by them!
Glad to hear it!
Cheers, -F
Ron _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 28)
- Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Brandon Enright (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Brandon Enright (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Fyodor (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 29)
- Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Nov 03)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Nov 03)
- Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Nov 04)
- Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Nov 04)