Nmap Development mailing list archives
Re: [NSE] Presentation and Vulscan Framework
From: Marc Ruef <marc.ruef () computec ch>
Date: Fri, 19 Nov 2010 13:10:36 +0100
Hello Martin,

Thank you for your feedback!
> I took a brief look at the scripts. Some feedback:
> * web_server_fingerprinting.nse is really just a wrapper around nmap
>   service detection - it does not do anything :)
Yes, this is true and intended. Perhaps I haven't explained the idea of the package in enough detail. The goal is to collect all data gathered by nmap and to prepare it for further processing in a database. Our approach is discussed in more detail in the slides (pp. 25-42):
http://www.scip.ch/labs/files/scip_hashdays10_nmap_nse_hacking.ppt

The provided scripts are just simple examples of how this is achieved. They do not (really) improve the possibilities of nmap's data gathering or processing.
> * web_server_http_1_1_pipelining_support.nse : this is strange. You just
>   check if the server responds with HTTP/1.1 - which, in my experience,
>   almost all servers do. The http-library in nse does support pipelining -
>   if you really want to check if pipelining is supported, why not use that?
>   However, personally I am not aware why that is interesting from a
>   security perspective - would be interesting to hear your thoughts?
This information might be useful during http fingerprinting because some hosts respond to an HTTP/1.0 request with the same HTTP/1.0 and others might switch to HTTP/1.1. As you can see here, not all servers respond with HTTP/1.1:
http://www.computec.ch/projekte/httprecon/?s=database&t=get_existing&f=protocol-version

The identification mechanism is *not* accurate. I was more targeting simplicity to illustrate the methodology of the framework.
> While these scripts may be useful to you if you have certain demands on
> the output, I think a lot of this is covered by other scripts/probes and
> perhaps any parts not covered could be included - but I guess that depends
> also on copyright issues...
Of course a lot is covered by other scripts (and far better; e.g. I am not taking http redirects into account due to priority of simplicity).
My scripts are just examples for separated data collection as it is required for large-scale vulnerability scans with dedicated data processing. The important part is the output wrapper and the possibilities for further parsing/analysis/moderation. I do *not* expect that ANY of those scripts is going to make it into the official Nmap NSE repository ;)
Although the scripts are copyrighted, they fall under the GNU General Public License 3.0.
Regards,
Marc

--
Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/
_________________________________________________________________
My latest publication: "Nmap NSE Top Ten Webserver Scripts"
http://www.scip.ch/?labs.20101119
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
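
Added example (not part of the original message and not code from the scripts discussed in this thread): the two observations the thread distinguishes, namely which protocol version a server answers an HTTP/1.0 request with, and whether two requests written back-to-back on one connection each get a response. All function names and the sample captures are assumptions constructed for illustration; bodies are assumed to be framed by Content-Length only.

```python
import re

STATUS_LINE = re.compile(rb"^(HTTP/\d\.\d) (\d{3})")

def split_responses(stream):
    """Split bytes read from one connection into complete HTTP responses.
    Assumption: bodies are framed by Content-Length only (no chunked encoding)."""
    found = []
    while stream:
        head, sep, rest = stream.partition(b"\r\n\r\n")
        match = STATUS_LINE.match(head)
        if not sep or not match:
            break  # truncated header block, or leftover bytes that are not HTTP
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length" and value.strip().isdigit():
                length = int(value.strip())
        if len(rest) < length:
            break  # body cut short: do not count a partial response
        found.append({"version": match.group(1).decode(), "status": int(match.group(2))})
        stream = rest[length:]
    return found

def version_record(stream, request_version="HTTP/1.0"):
    """Fingerprint attribute: which version the server answers a 1.0 request with."""
    responses = split_responses(stream)
    version = responses[0]["version"] if responses else None
    return {"request": request_version, "response": version,
            "mirrors_request": version == request_version}

def pipelining_observed(stream, sent=2):
    """True only if every request written back-to-back got its own response."""
    return len(split_responses(stream)) == sent

# Constructed sample captures (not taken from any real host).
OK = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
CLOSE = b"HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 2\r\n\r\nok"
MIRROR = b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(version_record(MIRROR))          # answer to a single HTTP/1.0 request
    print(version_record(OK))              # server switched to HTTP/1.1
    print(pipelining_observed(OK + OK))    # both pipelined requests answered
    print(pipelining_observed(CLOSE))      # HTTP/1.1, but only one answer
```

The last case is the one raised in the quoted feedback: a status line of HTTP/1.1 on its own says nothing about whether a second pipelined request is answered.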