Nmap Development mailing list archives

Re: NSE Script: x11 server checking


From: vladz () devzero fr
Date: Sat, 8 Aug 2009 17:05:34 +0200

Hello David,

Thank you for all your comments.

On Fri, Aug 07, 2009 at 06:25:36PM -0600, David Fifield wrote:
> I think this script is a good idea and it should be run even if version
> detection has been done already. The reason I think that is that not all
> the version probes report the open status, and having it on a line of
> NSE output will make it easy to grep for.

I don't think that this test should be run twice (two checks for the same
result is not that proper, no?). The better thing to do (to have
something easy to grep) would be for the two scanning modes "-sV" and
"-sC" to display the same message ("opened" as in version detection, or
"X server access is granted" as in the script... as you wish). But the
check will be run once.

> The X11Probe in nmap-service-probes works with ports 6000-6020. Do you
> think the script should cover that whole range, or just the ports 6000,
> 6001, and 6003 that are listed in the script?

It was an initial version of the script, but I think it should cover
ports from 6000 to 6009 (inclusive), because above 6009 they are usually
used for ssh X tunneling.

I've attached a new version of the script that includes your comments: 
   - Script renamed to x11-access.nse
   - Added @output tag
   - Added exception handling
   - Added comments when sending/receiving binary data

Regards,
-vladz.

Attachment: x11-access.nse


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
