Nmap Development mailing list archives

Re: Qscan in NSE: qscan.nse


From: jah <jah () zadkiel plus com>
Date: Sun, 21 Mar 2010 11:26:36 +0000

On 18/03/2010 02:06, Kris Katterjohn wrote:
> Luckily I had some free time this afternoon and got a script written up,
> attached as qscan.nse.  NSEdoc at the top should cover the options and usage,
> but the rundown on the options are confidence, delay and numtrips just like
> the original qscan has.

Great work Kris!  I wish I could provide some scan results which show it
working well, but I've only been able to test it against virtual
machines on the same network (one VM with some open ports, masquerading
for other VMs on a different subnet) and even though I've experimented
with different values for confidence, delay and numtrips I think the
round trip times I've seen aren't sufficiently stable and/or different
to distinguish between families.
What we need is a public test machine...

One thing I noticed is that qscan.nse runs against targets when only a
single port was specified. I think that if fewer than two ports are in a
testable state then qscan shouldn't run (unless maybe if it was
explicitly requested).

Still, once we can be confident of its effectiveness, it's a neat
script to have in our arsenal!

Cheers,

jah


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

