Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PATCH] showHTMLTitle.nse - bugfix and a few improvements

From: Fyodor <fyodor () insecure org>
Date: Fri, 3 Oct 2008 13:18:27 -0700
On Fri, Oct 03, 2008 at 05:18:57PM +0200, Sven Klemm wrote:


I think we should never follow redirects unless it's the same port.
Otherwise the script output will not be relevant to the port but refer
to something completely unrelated. If it redirects to another port we
should show the target for the redirect in script output.


FWIW, I agree with all of this.


Doing a DNS query would make the script belong to the external and
currently we don't have "external" scripts in the default category.


Well, I'm not certain it would have to go in external just for this
sort of DNS query against the normal name servers Nmap users anyway.
This seems like a very low privacy risk compared to even our other
DNS-related extern scripts.  I'm not taking sides on whether we should
do the lookup, just saying that looking up the IP of the redirect host
probably wouldn't banish the script from the default category.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: