Re: General Webdav NSE script and the new IIS6 vulnerability

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> But that security-basics thread also highlighted an old, more general
> Webdav script from Kris which some people were using to help find
> potentially vulnerable systems (those with IIS6+WebDAV enabled):
>
> http://ack-rst.com/scripts/webdav.nse

It's good to see people using a script I wrote but completely forgot about,
especially when I can see code comments I don't remember like "'OPTIONS *' may
seem like a good idea (it did to me), but it blows" :-)

Upon first glance it appears that the script hosted on ack-rst is the same as
the one I originally posted to nmap-dev, aside from them copying part of my
email into the description field:

http://seclists.org/nmap-dev/2008/q1/0267.html

> So my questions are:
>
> 1) What is the status of this script?  Is it ready to be cleaned up
>    and integrated?  I suppose it would need NSEDoc comments, but is
>    there anything else missing or restructuring needed?  Maybe Kris
>    can let us know his thoughts on this.

I haven't been able to really keep up with recent NSE stuff, but here's what I
see that needs to be looked at:

1) NSEDoc stuff, as you said

2) I think the id field needs removing

3) License text needs updating

4) Possibly recategorized, but Discovery seems fine for now

All but #1 should be incredibly simple since they're just minor changes.

> 2) Do people want this script in Nmap?  Anyone want to test it out and
>    report back to nmap-dev how it worked for you, whether it would be
>    useful for you going forward, and any suggestions you might have
>    for improving it?

I'd love to hear any feedback on this!

It can probably be improved, but unfortunately my Lua is worse now than when I
wrote that script way back when.

> Cheers,
> -F

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKEydcAAoJEEQxgFs5kUfupzsQALyBEfBrFoPdrLO9P6684tW2
64eAr7c7E8G71mG7dtQChZJdKU4J4Fm3HrVzwt2fWS3Gjm4IFmZ1wxd2lCEYJQuF
fkgPCgwDMGHbZ7vImU5fWpllnvkVWkU7FYc9GfE/yFPbphTRWIy/+9NkccjBwY53
7pCvDckQoOpFN4MfH0muZuMwvxxvRUrNcDScLSOCDGp8FHHzNVnD6rrMjNbecdH5
8egmdPg83IVnIEJtSaFcE1dDyVJLcQwyfW4LpJl7h/2PVOTXUe1Ub53GTIqDaNLX
z1QctaIFgG65UJ04jO31GcSd/GtMTH7G3/qtqpQQDaRJXosR5Zv4DxPqdjK6/e1H
OlAkbOrcIWk+SOXGBWtwVnB/1MHm86wJVEm65vpcmBW+tK0bVGP69F9eHCIYZ7KE
Dk68Qp+p44QuTEYW4xcvsbAUJ74baWZHYgNDQgVt2h5dSbyqGSrUEDCFvbqI69XI
PCiE07+VGpkwOXMjitWSNqcoE/f6I40UgYORyOqM5RBT8RZkGAthKhgnsoEOd5sx
2vknVGGCfDJbRyWI5kUS4anQfMgRw5Z7FjJnKcMef3Iy0i7Vlibl3CoSlzbP9T19
Dg2tTg2RfCKA4+Ya/CBc+kRivAZeRwdgjYguyA6RyikQa5efkpUkQ9v3FbC7C7Ca
ote9JK4XrAfSokP/qHTh
=8zOX
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org