Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: Walt Scrivens <walts () gate net>
Date: Wed, 19 May 2010 08:28:19 -0400
That was my first impression, too from looking at the script. I was thinking of adding "ftp" and the null string to the list of "try"s - don't know if that would work. The problem I have right now is, the script doesn't run at all on my Mac :-( I'll have to get a Linux box running later and install nmap on it. Walt On May 18, 2010, at 9:08 PM, kx wrote:
I have an itching suspicion it is because of the username and password nmap uses vs. metasploit Nmap: try(socket:send("USER anonymous\r\n")) try(socket:send("PASS IEUser@\r\n")) Metasploit: OptString.new('FTPUSER', [ false, 'The username to authenticate as', 'anonymous']), OptString.new('FTPPASS', [ false, 'The password for the specified username', 'mozilla () example com']) But I don't know of an ftp server to test against that nmap doesn't get a response from, but metasploit does. cheers, kx On Tue, May 18, 2010 at 9:27 AM, Ron <ron () skullsecurity net> wrote:Absolutely! I do my best to answer scripting questions here or in #nmap on freenode whenever I can. (If you do ask in #nmap on Freenode, make sure you stick around for the answer :) ). On Tue, 18 May 2010 08:31:29 -0400 Walt Scrivens <walts () gate net> wrote:This looks interesting. I'll give it a try, but I'm a total N00B at Nmap Scripting and I'm likely to have to ask a lot of questions. OK? Walt On May 17, 2010, at 7:26 PM, Ron wrote:http://eromang.zataz.com/2010/05/16/anonymous-ftp-scanning-differences-between-metasploit-and-nmap Metasploit found about twice as many anonymous FTP servers than Nmap's ftp-anon.nse script. Metasploit also says whether it's read or read/write. Improving ftp-anon.nse might be a good task for somebody who's looking to learn Nmap scripting a little. It's going to be more troubleshooting than coding, likely. Any takers? -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Sounds like ftp-anon needs work? Ron (May 17)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 18)
- Re: Sounds like ftp-anon needs work? Ron (May 18)
- Re: Sounds like ftp-anon needs work? kx (May 18)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 18)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 18)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)