Nmap Development mailing list archives

Re: conficker scan

From: David Fifield <david () bamsoftware com>
Date: Tue, 31 Mar 2009 17:22:43 -0600

On Tue, Mar 31, 2009 at 08:18:17PM +0000, Joshua Kaplan wrote:

Got the scan working. Please clarify one result. In the host script
results section, I see:

MS08-067: NOT RUN

The original command line is:

nmap -p 445 -d -PN --script smb-check-vulns --script-args safe=1 192.168.1.105 >> conficker_scan.txt


The smb-check-vulns.nse script is capable of checking for several
vulnerabilities (currently three). See

        http://nmap.org/nsedoc/scripts/smb-check-vulns.html

With --script-args safe=1, it doesn't run checks that can potentially
crash the target. The MS08-067 check is one of those. The script is just
informing you that it doesn't have a positive or negative result for
that particular test, because it wasn't run.

Though Ron, I think it would be a good idea if the NOT RUN for MS08-067
had the notice "(add --script-args=unsafe=1 to run)" like the regsvc DoS
does. That might reduce some of this confusion.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

conficker scan Joshua Kaplan (Mar 31)
- Re: conficker scan David Fifield (Mar 31)
- <Possible follow-ups>
- conficker scan Joshua Kaplan (Mar 31)
  - Re: conficker scan Brandon Enright (Mar 31)
  - Re: conficker scan ( MS08-067: NOT RUN question) Tom Sellers (Mar 31)
  - Re: conficker scan David Fifield (Mar 31)
    - Re: conficker scan Ron (Mar 31)