Re: [NSE] resolveall prerule, nmap.resolve(), nmap.address_family()

[Fyodor <fyodor () insecure org>]

On Thu, Aug 12, 2010 at 01:50:13PM -0400, Patrick Donnelly wrote:
> On Thu, Aug 12, 2010 at 12:48 PM, Patrik Karlsson <patrik () cqure net> wrote:
> > The postrule reads the "session name" and posts a tweet once the scan has finished.
> > The tweet is sent as a public status update using the user and password supplied as script argument.
>
> That is so awesome (lol!).

I agree!  Just for fun, I took Patrik's session-name.nse and made a
simple tweet.nse which I was able to use to send a few Tweets to a
test account.  I thought it would be fun to use this for posts to the
@nmap account too, but there are a couple problems:

1) It looks like Twitter is planning to disable this form of
   authentication (basic auth) tomorrow in favor of OAuth:

   http://dev.twitter.com/announcements
   http://dev.twitter.com/pages/basic_to_oauth

2) It looks like you need to register your application in order to
have it show up on Tweets (e.g. "Posted by Nmap NSE").  So I've
registered Nmap NSE as app #247241.  If someone implements OAuth for
Twitter in NSE, we can try to get this working!

I'm not suggesting that Nmap include any tweet.nse Twitter client by
default, it is just a fun thing to play with.  An OAuth library might
be welcome in NSE if there are good use cases for it.  If OAuth is
problematic, we could consider one of the other supported
authentication methods, like xAuth or out-of-band PIN auth
(http://dev.twitter.com/pages/auth_overview).

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/