Re: Sounds like ftp-anon needs work?

[Rob Nicholls <robert () robnicholls co uk>]

On Tue, 1 Jun 2010 11:22:28 -0600, David Fifield <david () bamsoftware com>
wrote:
> I think we're getting too deep into minutiae and special cases. Can you
> or Rob just write a simple version that handles the most common cases,
> uses the read_reply function, and doesn't have a looping state machine
> structure?

I've replaced the loop with a recursive function, I presume this is what
you had in mind? This version of the script should cope with the common
cases.

This script shouldn't display any LUA errors with a -d1; the previous
version would occasionally throw up a few errors.

This one doesn't have any special string.match code to remove false
positives, and it will flag all 530 FTP codes so users can evaluate the
message and decide for themselves if they need to try again later when
there are fewer users.

> Let's get the easy part committed in version control.

Agreed, I'm keen to replace the version that's currently in SVN. I've kept
Gutek's existing readable/writeable checks against the root directory, but
this can be removed if you want to keep this script simple for now.

Rob

Attachment: ftp-anon.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/