Re: Some scripts for analyzing NetBus

[Fyodor <fyodor () insecure org>]

On Thu, Dec 30, 2010 at 02:37:38PM +0200, Toni Ruottu wrote:
> > > The scripts store a password in nmap.registry.netbuspassword. This won't
> > > work if more than host with different passwords is scanned at the same
> > > time. You should make this indexed by IP address and port number.
>
> Is string.format("%s:%d", host.ip, port.number) always unique and a
> valid key, or is there some advanced library function for serializing
> the host information? E.g. what would happen if the host was IPv6?

When you add that and the <empty> thing David mentioned, could you
also add an NSE script argument for specifying the Netbus password for
scripts like netbus-info?  That way users don't need to use
netbus-brute every time.  It would then need @args to be documented in
the NSEDoc section.  See Patrik's informix-query (among many other
scripts which do this) for an example of passing the authentication in
a script arg.  And would you add a @usage section to the scripts where
the default generated by our NSEDoc renderer "nmap -sV
--script=[scriptname] <target>" isn't ideal or informative enough?

I'm glad the new Nmap release will have some old school protocols like
Gopher and Netbus thanks to your scripts :).

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/