Re: Citrix scripts

[David Fifield <david () bamsoftware com>]

On Wed, Dec 02, 2009 at 10:19:30PM +0100, Patrik Karlsson wrote:
> I have re-worked and documented my Citrix scripts and made some
> changes and additions. The new scripts target the XML Service rather
> than the ICA Browser and therefore can do more.
>
> As an example the XML versions of the application enumeration script
> does not only fetch a list of all published applications but also the
> required user or group memberships needed to access them. It will also
> find applications published anonymously. 
>
> The Citrix XML Service usually listens to ports 80, 443 or 8080. It
> can be identified by the following server header: "Citrix Web PN
> Server". It can also "share ports" with IIS by running as an ISAP
> filter.

I've committed your scripts and the citrixxml module in r16267. I'm
thinking about whether it would be worthwhile to combine
citrix-enum-apps with citrix-enum-apps-xml, and citrix-enum-servers with
citrix-enum-servers-xml, because they report the same kind of
information. On the other hand, they work completely differently and
target different ports, so keeping them separate is good from an
organizational perspective.

I'm thinking about making all the scripts default, except for
citrix-brute-xml. You have them all in {"discovery", "safe"} except for
citrix-enum-apps which is in {"discovery", "intrusive"}. Is that just a
mistake?

I'm not able to test these scripts directly, but there has been positive
feedback. With all this recent interest it seems that Citrix should be
better represented in the services database. Fingers crossed, we'll be
able to reduce the memory usage of large scans enough that we can do
proper UDP scans to find the frequencies of all ports.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/